ID CVSS Summary Last (major) update Published
CVE-2018-14775 4.9
tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture.
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2017-1000373 6.4
The OpenBSD qsort() function is recursive and not randomized; an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack
19-06-2017 - 12:29 19-06-2017 - 12:29
CVE-2017-1000372 7.5
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.
19-06-2017 - 12:29 19-06-2017 - 12:29
CVE-2017-5850 7.8
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
31-03-2017 - 06:55 27-03-2017 - 11:59
CVE-2016-6522 4.9
Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.
08-03-2017 - 21:59 07-03-2017 - 11:59
CVE-2016-6350 4.9
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.
08-03-2017 - 21:59 07-03-2017 - 11:59
CVE-2016-6247 4.9
OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist.
08-03-2017 - 21:59 07-03-2017 - 11:59
CVE-2016-6246 4.9
OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.
08-03-2017 - 21:59 07-03-2017 - 11:59
CVE-2016-6245 4.9
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.
08-03-2017 - 21:59 07-03-2017 - 11:59
CVE-2016-6243 4.9
thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.
08-03-2017 - 21:59 07-03-2017 - 11:59
CVE-2016-6242 4.9
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.
08-03-2017 - 21:59 07-03-2017 - 11:59
CVE-2016-6241 7.2
Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
08-03-2017 - 21:59 07-03-2017 - 11:59
CVE-2016-6240 7.2
Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
08-03-2017 - 21:59 07-03-2017 - 11:59
CVE-2016-6239 4.9
The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.
08-03-2017 - 21:59 07-03-2017 - 11:59
CVE-2016-6244 7.8
The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value.
08-03-2017 - 11:39 07-03-2017 - 10:59
CVE-2007-1351 8.5
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflo
19-02-2017 - 00:17 05-04-2007 - 21:19
CVE-2004-0819 5.0
The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet.
07-11-2016 - 21:59 25-08-2004 - 00:00
CVE-2007-1365 10.0
Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service.
17-10-2016 - 23:43 10-03-2007 - 16:19
CVE-2007-0085 6.0
Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecif
17-10-2016 - 23:42 05-01-2007 - 06:28
CVE-2004-1799 7.5
PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.
17-10-2016 - 23:00 31-12-2004 - 00:00
CVE-2004-0688 7.5
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a
17-10-2016 - 22:47 20-10-2004 - 00:00
CVE-2004-0687 7.5
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
17-10-2016 - 22:47 20-10-2004 - 00:00
CVE-2004-0492 10.0
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes
17-10-2016 - 22:45 06-08-2004 - 00:00
CVE-2004-0488 7.5
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subje
17-10-2016 - 22:45 07-07-2004 - 00:00
CVE-2004-0482 4.6
Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.c, and (6) procfs_subr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and pos
17-10-2016 - 22:45 07-07-2004 - 00:00
CVE-2004-0418 10.0
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical prog
17-10-2016 - 22:45 06-08-2004 - 00:00
CVE-2004-0417 5.0
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consu
17-10-2016 - 22:45 06-08-2004 - 00:00
CVE-2004-0416 10.0
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
17-10-2016 - 22:45 06-08-2004 - 00:00
CVE-2004-0414 10.0
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary
17-10-2016 - 22:45 06-08-2004 - 00:00
CVE-2004-0257 5.0
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.
17-10-2016 - 22:42 23-11-2004 - 00:00
CVE-2004-0222 5.0
Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite.
17-10-2016 - 22:42 04-05-2004 - 00:00
CVE-2004-0221 5.0
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker I
17-10-2016 - 22:42 04-05-2004 - 00:00
CVE-2004-0220 10.0
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as
17-10-2016 - 22:42 04-05-2004 - 00:00
CVE-2004-0219 5.0
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.
17-10-2016 - 22:42 04-05-2004 - 00:00
CVE-2004-0218 5.0
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.
17-10-2016 - 22:42 04-05-2004 - 00:00
CVE-2004-0114 4.6
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails,
17-10-2016 - 22:41 03-03-2004 - 00:00
CVE-2004-0112 5.0
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a
17-10-2016 - 22:40 23-11-2004 - 00:00
CVE-2004-0106 7.2
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
17-10-2016 - 22:40 03-03-2004 - 00:00
CVE-2004-0084 10.0
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a d
17-10-2016 - 22:40 03-03-2004 - 00:00
CVE-2004-0083 10.0
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CV
17-10-2016 - 22:40 03-03-2004 - 00:00
CVE-2004-0081 5.0
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
17-10-2016 - 22:40 23-11-2004 - 00:00
CVE-2004-0079 5.0
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
17-10-2016 - 22:40 23-11-2004 - 00:00
CVE-2003-0955 4.6
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_
17-10-2016 - 22:38 15-12-2003 - 00:00
CVE-2003-0681 7.5
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient, (2) final, or (3) mailer-specific envelope recipients, has unknown consequences.
17-10-2016 - 22:36 06-10-2003 - 00:00
CVE-2003-0466 10.0
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to tr
17-10-2016 - 22:34 27-08-2003 - 00:00
CVE-2003-0144 7.2
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or
17-10-2016 - 22:30 31-03-2003 - 00:00
CVE-2003-0078 5.0
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cry
17-10-2016 - 22:29 03-03-2003 - 00:00
CVE-2003-0028 7.5
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via
17-10-2016 - 22:28 25-03-2003 - 00:00
CVE-2002-1420 7.2
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsig
17-10-2016 - 22:27 11-04-2003 - 00:00
CVE-2002-1345 5.0
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
17-10-2016 - 22:26 23-12-2002 - 00:00
CVE-2002-1221 5.0
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
17-10-2016 - 22:24 29-11-2002 - 00:00
CVE-2002-1220 5.0
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
17-10-2016 - 22:24 29-11-2002 - 00:00
CVE-2002-1219 7.5
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
17-10-2016 - 22:24 29-11-2002 - 00:00
CVE-2002-0701 2.1
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was
17-10-2016 - 22:21 23-07-2002 - 00:00
CVE-2002-0542 7.2
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
17-10-2016 - 22:20 03-07-2002 - 00:00
CVE-2002-0391 10.0
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array
17-10-2016 - 22:20 12-08-2002 - 00:00
CVE-2001-0402 7.5
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestri
17-10-2016 - 22:10 18-06-2001 - 00:00
CVE-2000-1208 7.2
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
17-10-2016 - 22:09 12-08-2002 - 00:00
CVE-2000-1004 4.6
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.
17-10-2016 - 22:07 11-12-2000 - 00:00
CVE-2000-0994 7.2
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.
17-10-2016 - 22:07 19-12-2000 - 00:00
CVE-2000-0993 7.2
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
17-10-2016 - 22:07 19-12-2000 - 00:00
CVE-1999-0798 10.0
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
17-10-2016 - 21:59 04-12-1998 - 00:00
CVE-2011-2895 9.3
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x
11-12-2015 - 21:59 19-08-2011 - 13:55
CVE-2014-7250 5.0
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets
12-12-2014 - 15:28 11-12-2014 - 22:03
CVE-2010-4755 4.0
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of se
08-08-2014 - 17:01 02-03-2011 - 15:00
CVE-2009-0689 6.8
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD
25-03-2014 - 23:51 01-07-2009 - 09:00
CVE-2011-0419 4.3
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac
15-11-2013 - 00:31 16-05-2011 - 13:55
CVE-2008-4609 7.1
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vect
10-10-2013 - 22:56 20-10-2008 - 13:59
CVE-2008-2476 9.3
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origi
29-10-2012 - 23:11 03-10-2008 - 11:07
CVE-2008-4247 7.5
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execu
22-10-2012 - 22:53 25-09-2008 - 15:25
CVE-2011-1013 7.2
Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows l
19-03-2012 - 00:00 09-05-2011 - 15:55
CVE-2010-4754 4.0
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob express
21-09-2011 - 00:00 02-03-2011 - 15:00
CVE-2007-5365 7.2
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemo
02-08-2011 - 00:00 11-10-2007 - 06:17
CVE-2011-2168 5.0
Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than C
10-06-2011 - 22:37 24-05-2011 - 19:55
CVE-1999-1214 2.1
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sen
10-03-2011 - 00:00 15-09-1997 - 00:00
CVE-2008-1058 7.8
The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information.
07-03-2011 - 22:05 28-02-2008 - 14:44
CVE-2008-1057 7.8
The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers.
07-03-2011 - 22:05 28-02-2008 - 14:44
CVE-2007-2242 7.8
The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
07-03-2011 - 21:53 25-04-2007 - 12:19
CVE-2007-1352 3.8
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
07-03-2011 - 21:51 05-04-2007 - 21:19
CVE-2005-0637 5.0
The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory.
07-03-2011 - 21:20 02-05-2005 - 00:00
CVE-2001-0247 10.0
Buffer overflows in BSD-based FTP servers allow remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functi
07-03-2011 - 21:05 18-06-2001 - 00:00
CVE-2000-0092 6.2
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
07-03-2011 - 21:02 19-01-2000 - 00:00
CVE-1999-0001 5.0
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.
16-12-2010 - 00:00 30-12-1999 - 00:00
CVE-2009-0780 5.0
The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path.
27-04-2010 - 01:49 04-03-2009 - 06:30
CVE-2009-3572 4.9
OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors.
08-10-2009 - 00:00 06-10-2009 - 16:30
CVE-2001-1047 1.2
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descrip
21-08-2009 - 00:07 02-06-2001 - 00:00
CVE-2009-0687 7.8
The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets
11-08-2009 - 00:00 11-08-2009 - 06:30
CVE-2009-0537 4.9
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree,
21-03-2009 - 01:54 09-03-2009 - 17:30
CVE-2003-0804 5.0
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP request
10-09-2008 - 15:20 17-11-2003 - 00:00
CVE-2003-0688 5.0
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that caus
10-09-2008 - 15:20 20-10-2003 - 00:00
CVE-2002-0766 7.2
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which
10-09-2008 - 15:12 12-08-2002 - 00:00
CVE-2002-0765 7.5
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
10-09-2008 - 15:12 12-08-2002 - 00:00
CVE-2001-1145 6.2
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to p
10-09-2008 - 15:09 17-08-2001 - 00:00
CVE-2001-0378 2.1
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
10-09-2008 - 15:07 27-06-2001 - 00:00
CVE-2001-0284 10.0
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.
10-09-2008 - 15:07 03-05-2001 - 00:00
CVE-2001-0268 7.2
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in
10-09-2008 - 15:07 03-05-2001 - 00:00
CVE-2000-0750 7.5
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.
10-09-2008 - 15:05 20-10-2000 - 00:00
CVE-2000-0489 2.1
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
10-09-2008 - 15:04 05-09-1999 - 00:00
CVE-2000-0313 4.6
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.
10-09-2008 - 15:04 12-03-2001 - 00:00
CVE-2000-0310 5.0
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.
10-09-2008 - 15:04 12-03-2001 - 00:00
CVE-2000-0309 2.1
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
10-09-2008 - 15:04 12-03-2001 - 00:00
CVE-1999-1225 5.0
rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exi
10-09-2008 - 15:01 24-08-1997 - 00:00
CVE-1999-0727 5.0
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.
09-09-2008 - 08:35 06-08-1999 - 00:00
CVE-1999-0724 4.6
Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.
09-09-2008 - 08:35 12-08-1999 - 00:00
CVE-1999-0703 3.6
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
09-09-2008 - 08:35 03-08-1999 - 00:00
CVE-1999-0674 7.2
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
09-09-2008 - 08:35 09-08-1999 - 00:00
CVE-1999-0485 2.6
Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.
09-09-2008 - 08:34 19-02-1999 - 00:00
CVE-1999-0484 2.1
Buffer overflow in OpenBSD ping.
09-09-2008 - 08:34 23-02-1999 - 00:00
CVE-1999-0483 2.1
OpenBSD crash using nlink value in FFS and EXT2FS filesystems.
09-09-2008 - 08:34 25-02-1999 - 00:00
CVE-1999-0482 5.0
OpenBSD kernel crash through TSS handling, as caused by the crashme program.
09-09-2008 - 08:34 21-03-1999 - 00:00
CVE-1999-0481 5.0
Denial of service in "poll" in OpenBSD.
09-09-2008 - 08:34 22-03-1999 - 00:00
CVE-1999-0396 2.6
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.
09-09-2008 - 08:34 17-02-1999 - 00:00
CVE-1999-0323 10.0
FreeBSD mmap function allows users to modify append-only or immutable files.
09-09-2008 - 08:34 20-02-1998 - 00:00
CVE-1999-0305 5.0
The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are
09-09-2008 - 08:34 01-02-1998 - 00:00
CVE-1999-0304 7.2
mmap function in BSD allows local attackers in the kmem group to modify memory through devices.
09-09-2008 - 08:34 01-02-1998 - 00:00
CVE-1999-0303 4.6
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
09-09-2008 - 08:34 21-05-1998 - 00:00
CVE-1999-0062 7.2
The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.
09-09-2008 - 08:33 03-08-1998 - 00:00
CVE-1999-0061 5.1
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).
09-09-2008 - 08:33 02-10-1997 - 00:00
CVE-1999-0052 5.0
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
09-09-2008 - 08:33 04-11-1998 - 00:00
CVE-2008-1215 4.6
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via lon
05-09-2008 - 17:37 08-03-2008 - 21:44
CVE-2008-1148 6.8
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transa
05-09-2008 - 17:36 04-03-2008 - 18:44
CVE-2008-1147 6.8
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows r
05-09-2008 - 17:36 04-03-2008 - 18:44
CVE-2008-1146 6.8
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a seque
05-09-2008 - 17:36 04-03-2008 - 18:44
CVE-2008-0384 4.9
OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name
05-09-2008 - 17:34 22-01-2008 - 15:00
CVE-2007-6700 4.3
Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.
05-09-2008 - 17:33 04-02-2008 - 21:00
CVE-2007-4305 6.2
Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.
05-09-2008 - 17:27 13-08-2007 - 17:17
CVE-2007-0343 5.0
OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.
05-09-2008 - 17:17 17-01-2007 - 21:28
CVE-2006-6730 6.6
OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SM
05-09-2008 - 17:15 26-12-2006 - 18:28
CVE-2006-6397 4.4
** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not
05-09-2008 - 17:14 07-12-2006 - 20:28
CVE-2006-6164 7.2
The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be lever
05-09-2008 - 17:14 28-11-2006 - 20:28
CVE-2006-5550 4.9
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto.
05-09-2008 - 17:12 26-10-2006 - 13:07
CVE-2006-5218 4.6
Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the sy
05-09-2008 - 17:11 10-10-2006 - 00:06
CVE-2006-4436 5.0
isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the
05-09-2008 - 17:09 28-08-2006 - 20:04
CVE-2006-4435 4.9
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default.
05-09-2008 - 17:09 28-08-2006 - 20:04
CVE-2006-4304 10.0
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possi
05-09-2008 - 17:09 23-08-2006 - 21:04
CVE-2006-0098 4.6
The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/.
05-09-2008 - 16:58 06-01-2006 - 06:03
CVE-2005-4351 4.3
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while th
05-09-2008 - 16:56 31-12-2005 - 00:00
CVE-2005-0960 5.0
Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c in OpenBSD 3.5 and 3.6 allow remote attackers to cause a denial of service (memory exhaustion or system crash).
05-09-2008 - 16:47 02-05-2005 - 00:00
CVE-2005-0740 5.0
The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.
05-09-2008 - 16:47 13-01-2005 - 00:00
CVE-2005-0356 5.0
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes
05-09-2008 - 16:46 31-05-2005 - 00:00
CVE-2004-2338 7.5
OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2230 2.1
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2163 7.5
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-1471 7.1
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format strin
05-09-2008 - 16:41 31-12-2004 - 00:00
CVE-2004-1082 7.5
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
05-09-2008 - 16:40 03-02-2004 - 00:00
CVE-2004-0171 5.0
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system
05-09-2008 - 16:37 15-03-2004 - 00:00
CVE-2003-1366 3.3
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2002-2280 2.1
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP address is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2002-2222 5.1
isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence.
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2002-2188 4.9
OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error.
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2002-2180 6.8
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2002-2092 3.7
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2002-1915 2.1
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
05-09-2008 - 16:31 31-12-2002 - 00:00
CVE-2002-0572 7.2
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be re
05-09-2008 - 16:28 03-07-2002 - 00:00
CVE-2002-0557 7.5
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an inc
05-09-2008 - 16:28 03-07-2002 - 00:00
CVE-2002-0514 5.0
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
05-09-2008 - 16:28 12-08-2002 - 00:00
CVE-2002-0414 7.5
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems do not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload
05-09-2008 - 16:27 12-08-2002 - 00:00
CVE-2002-0381 5.0
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP br
05-09-2008 - 16:27 25-06-2002 - 00:00
CVE-2001-1559 2.1
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.
05-09-2008 - 16:26 31-12-2001 - 00:00
CVE-2001-1415 4.6
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
05-09-2008 - 16:26 13-11-2001 - 00:00
CVE-2001-1244 5.0
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets
05-09-2008 - 16:26 07-07-2001 - 00:00
CVE-2001-0670 7.5
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
05-09-2008 - 16:24 03-10-2001 - 00:00
CVE-2001-0554 10.0
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
05-09-2008 - 16:24 14-08-2001 - 00:00
CVE-2001-0053 10.0
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2000-1010 10.0
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.
05-09-2008 - 16:22 11-12-2000 - 00:00
CVE-2000-0997 7.2
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allow local attackers to gain root privileges.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0996 7.2
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0995 7.2
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges via a malformed name.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0962 5.0
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0914 5.0
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0751 7.5
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
05-09-2008 - 16:21 20-10-2000 - 00:00
CVE-2000-0312 7.2
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
05-09-2008 - 16:20 12-03-2001 - 00:00