Lucene search
K

27 matches found

CVE
CVE
added 2004/06/23 4:0 a.m.455 views

CVE-2004-0492

Apache mod_proxy vulnerability CVE-2004-0492 is a heap-based overflow in proxy_util.c affecting Apache 1.3.25–1.3.31. A remote attacker can trigger a denial of service (process crash) and possibly execute arbitrary code by sending a negative Content-Length header, causing excessive data copy. The...

10CVSS8.1AI score0.33639EPSS
CVE
CVE
added 2024/03/01 4:8 p.m.84 views

CVE-2023-52556

CVE-2023-52556 affects OpenBSD 7.4 before errata 009. The issue is a race condition in pf(4) packet processing and the expiration of packet states that can trigger a kernel panic. Impact is a local denial (kernel crash) described in the OpenBSD advisory, with no exposed remote vector. Remediation...

6.2CVSS6.2AI score0.00143EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.82 views

CVE-2004-0418

CVE-2004-0418 describes an out-of-bounds write vulnerability in CVS servers caused by improper handling of empty data lines in the serve_notify path. Affected CVS versions include CVS 1.12.x (up to 1.12.8) and 1.11.x (up to 1.11.16). The issue could enable remote attackers to execute arbitrary co...

10CVSS7.3AI score0.05681EPSS
CVE
CVE
added 2023/04/12 12:0 a.m.82 views

CVE-2022-48437

CVE-2022-48437 affects LibreSSL prior to 3.6.1 and OpenBSD prior to 7.2 with errata 001. The issue is in x509/x509_verify.c where x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, causing an incorrect error to be returned when a verification callback...

5.3CVSS5.2AI score0.00362EPSS
CVE
CVE
added 2024/03/01 4:14 p.m.78 views

CVE-2023-52557

OpenBSD 7.3 prior to errata 016 is affected. The npppd(8) component may crash when processing an L2TP message containing an AVP with an incorrect length. The issue is addressed by OpenBSD patch errata 016 for 7.3 (reference patches: 016_npppd.patch.sig; commit abf3a29384c582c807a621e7fc6e7c68d0ca...

7.5CVSS7.5AI score0.00555EPSS
CVE
CVE
added 2023/04/14 12:0 a.m.77 views

CVE-2021-46880

The CVE-2021-46880 issue affects LibreSSL before 3.4.2 and OpenBSD before 7.0 errata 006, where an error for an unverified certificate chain is sometimes discarded during x509_verify.c processing, allowing authentication bypass. This is documented as a high-impact vulnerability with CVSS 3.1 vect...

9.8CVSS9.6AI score0.00568EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.75 views

CVE-2004-0416

The CVE-2004-0416 issue affects CVS servers: a double-free in error_prog_name in CVS 1.12.x (1.12.8 and earlier) and 1.11.x (1.11.16 and earlier) can enable remote attackers to execute arbitrary code via the CVS server. It can also contribute to denial of service in some contexts. Affected deploy...

10CVSS7AI score0.13206EPSS
CVE
CVE
added 2006/12/26 11:0 p.m.75 views

CVE-2006-6730

CVE-2006-6730 affects OpenBSD and NetBSD. The vulnerability allows local users to execute code with root privileges by killing the display server and writing to the X.Org /dev/xf86 device to replace the System Management Mode (SMM) handler via an SMRAM write within /dev/xf86 (the video card RAM r...

6.6CVSS6.9AI score0.00249EPSS
Web
CVE
CVE
added 2001/09/12 4:0 a.m.73 views

CVE-1999-1225

Concretely, CVE-1999-1225 affects rpc.mountd and is described in SGI IRIX advisories as allowing a remote tester to probe for the existence of files by issuing mount requests, leading to distinguishable error messages. The SGI advisory fixes this by patching/upgrading IRIX (upgrade to IRIX 6.5.23...

5CVSS6.9AI score0.0176EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.72 views

CVE-2004-0414

CVE-2004-0414 involves CVS (versions circa 1.12.x and 1.11.x) with insufficient input validation on Entry lines, leading to denial of service, data corruption, or arbitrary code execution. Connected sources confirm related issues (CVE-2004-0416, -0417, -0418) affecting CVS server behavior (Argume...

10CVSS7AI score0.03969EPSS
CVE
CVE
added 2024/12/05 7:50 p.m.72 views

CVE-2024-11148

CVE-2024-11148 affects OpenBSD 7.3 before errata 020 and OpenBSD 7.4 before errata 006, where httpd(8) is vulnerable to a NULL dereference when processing malformed FastCGI requests. The underlying issue is a null dereference in the HTTP server’s FastCGI handling path, leading to denial of servic...

8.7CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.70 views

CVE-2001-0670

CVE-2001-0670 is a remote buffer overflow in the BSD line printer daemon (in.lpd/lpd) that can allow an attacker to execute arbitrary code with elevated privileges. The vulnerability is triggered by a crafted, incomplete print job followed by a request to display the printer queue, and the attack...

7.5CVSS7.8AI score0.06607EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.70 views

CVE-2004-0417

CVS-2004-0417 involves an Integer overflow in the Max-dotdot command (serve_max_dotdot) affecting CVS 1.12.x (up to 1.12.8) and 1.11.x (up to 1.11.16). The issue can let remote attackers crash the CVS server, potentially leaving undeleted data and consuming disk space (DoS). Publicly available fi...

5CVSS6.5AI score0.03069EPSS
CVE
CVE
added 2024/03/01 4:33 p.m.66 views

CVE-2023-52558

CVE-2023-52558 affects OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019. A kernel crash can occur from a network buffer that must be split at a certain length after receiving specially crafted escape sequences. The issue arises in the m_split handling; patches 002_msplit.patch (Ope...

7.5CVSS7.5AI score0.00702EPSS
CVE
CVE
added 2006/12/08 1:0 a.m.65 views

CVE-2006-6397

The CVE-2006-6397 entry concerns an alleged integer overflow in the banner/banner.c component across FreeBSD, NetBSD, and OpenBSD. The issue is disputed by CVE and others and, because the banner is not setuid, an exploit would not cross privilege boundaries in normal operations; the notes explici...

4.4CVSS6.8AI score0.00262EPSS
CVE
CVE
added 2025/03/20 8:39 p.m.64 views

CVE-2025-30334

CVE-2025-30334 affects OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015. The issue is triggered by traffic sent over wg(4), which can cause a kernel crash. Public details in the CVE entry and patches indicate mitigations via OpenBSD patches 006_wg.patch.sig and 015_wg.patch.sig, ad...

7.1CVSS6.5AI score0.00402EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.57 views

CVE-1999-0483

OpenBSD crash vulnerability CVE-1999-0483 affects FFS and EXT2FS filesystems. The root cause is handling an improper nlink value, leading to a crash (local, with low impact on confidentiality/integrity and partial impact on availability per CVSS). Exploitation details, affected product versions, ...

2.1CVSS7AI score0.00284EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.56 views

CVE-1999-0484

The consolidated data confirms CVE-1999-0484 is a vulnerability described as a buffer overflow in OpenBSD ping. The Red Hat and CVE records reproduce the same description. No technical specifics are provided in the connected documents regarding affected versions, exact root cause details, exploit...

2.1CVSS7.2AI score0.00291EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.56 views

CVE-2000-0995

CVE-2000-0995 describes a format-string vulnerability in the OpenBSD yp_passwd utility (and possibly other BSD-based OSes) that can allow an attacker to gain root privileges via a malformed name. The initial description states the vulnerability and impact; a patch is referenced (028_format_string...

7.2CVSS7.2AI score0.00573EPSS
CVE
CVE
added 2024/11/15 7:20 p.m.56 views

CVE-2024-10934

CVE-2024-10934 affects OpenBSD NFS components (client and server) on OpenBSD 7.4 before errata 021 and 7.5 before errata 008, due to a mbuf double-free and use of an uninitialized variable in NFS server error handling. The vulnerability is tied to the same CVE entry across multiple feeds; patches...

9.8CVSS9.8AI score0.00424EPSS
CVE
CVE
added 2024/12/05 8:6 p.m.54 views

CVE-2024-10933

OpenBSD CVE-2024-10933 affects OpenBSD 7.4 and 7.5 prior to specific patches: readdir name validation must exclude the character '/'. The underlying issue is improper validation of readdir names that can lead to unexpected directory traversal on untrusted file systems. Affected versions: 7.4 befo...

5.5CVSS5.3AI score0.00271EPSS
CVE
CVE
added 2024/12/06 1:56 a.m.54 views

CVE-2024-11149

OpenBSD 7.4 prior to errata 014 contains a vulnerability in vmm(4) where the GDTR limits were not properly restored on Intel (VMX) CPUs. The issue affects the vmm subsystem, specifically the GDTR handling in the virtual machine monitor, leading to potential misbehavior on affected Intel VMX hosts...

7.9CVSS7.8AI score0.00134EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.52 views

CVE-1999-0482

The vulnerability CVE-1999-0482 affects the OpenBSD kernel, with the crash triggered by the crashme program during TSS handling. The issue is a kernel crash path in TSS processing; concrete affected component is the kernel’s TSS handling, but the connected documents do not provide specific affect...

5CVSS6.9AI score0.00955EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.52 views

CVE-2000-0996

CVE-2000-0996: A format-string vulnerability in the OpenBSD su utility (and possibly other BSD-based OSes) allows a local attacker to gain root privileges via a malformed shell. The issue is described in the NVD entry with a CVSS v2 base score of 7.2 (HIGH) and LOCAL, LOW–complexity conditions, e...

7.2CVSS7.1AI score0.00537EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.48 views

CVE-2002-0381

The CVE-2002-0381 entry concerns the TCP implementation in various BSD operating systems (tcp_input.c) that fails to properly block connections to broadcast addresses. This allows remote attackers to bypass filters by sending packets with a unicast link-layer address to an IP broadcast address. A...

5CVSS7.1AI score0.01978EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.41 views

CVE-2002-0701

Technical details (affected products, versions, root cause, fixes) are not publicly available in the provided connected documents; monitor for updates.

2.1CVSS6.5AI score0.00333EPSS
CVE
CVE
added 2026/06/18 7:29 p.m.29 views

CVE-2026-56099

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read in sys/netmpls/mpls_input.c:mpls_do_error, allowing remote disclosure of kernel stack memory by crafting MPLS frames with 16 labels and no Bottom-of-Stack bit. Affected component is the MPLS input handling path; root cause ...

6.9CVSS5.3AI score0.00423EPSS