Openbsd@* Security Vulnerabilities and Issues — Openbsd@* CVE List

Lucene search

OpenbsdOpenbsd*

20 matches found

CVE•added 2004/08/06 4:0 a.m.•416 views

CVE-2004-0492

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

10CVSS8.1AI score0.19739EPSS

CVE•added 2004/08/06 4:0 a.m.•65 views

CVE-2004-0418

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

10CVSS7.3AI score0.14279EPSS

CVE•added 2004/08/06 4:0 a.m.•62 views

CVE-2004-0416

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

10CVSS7AI score0.43031EPSS

CVE•added 2006/12/26 11:28 p.m.•62 views

CVE-2006-6730

OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card ...

6.6CVSS6.9AI score0.00048EPSS

Web

CVE•added 2023/04/12 5:15 a.m.•59 views

CVE-2022-48437

An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installe...

5.3CVSS5.2AI score0.00071EPSS

CVE•added 2002/03/09 5:0 a.m.•58 views

CVE-2001-0670

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

7.5CVSS7.8AI score0.1616EPSS

CVE•added 2001/09/12 4:0 a.m.•57 views

CVE-1999-1225

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

5CVSS6.9AI score0.00455EPSS

CVE•added 2004/08/06 4:0 a.m.•57 views

CVE-2004-0417

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

5CVSS6.5AI score0.04491EPSS

CVE•added 2004/08/06 4:0 a.m.•55 views

CVE-2004-0414

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

10CVSS7AI score0.05252EPSS

CVE•added 2006/12/08 1:28 a.m.•55 views

CVE-2006-6397

Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is no...

4.4CVSS6.8AI score0.00154EPSS

CVE•added 2023/04/15 12:15 a.m.•54 views

CVE-2021-46880

x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.

9.8CVSS9.6AI score0.00031EPSS

CVE•added 2025/03/20 9:15 p.m.•47 views

CVE-2025-30334

In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash.

7.1CVSS6.5AI score0.00058EPSS

CVE•added 1999/09/29 4:0 a.m.•46 views

CVE-1999-0484

Buffer overflow in OpenBSD ping.

2.1CVSS7.2AI score0.00134EPSS

CVE•added 1999/09/29 4:0 a.m.•45 views

CVE-1999-0483

OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

2.1CVSS7AI score0.00084EPSS

CVE•added 2001/01/22 5:0 a.m.•45 views

CVE-2000-0995

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.

7.2CVSS7.2AI score0.00073EPSS

CVE•added 1999/09/29 4:0 a.m.•41 views

CVE-1999-0482

OpenBSD kernel crash through TSS handling, as caused by the crashme program.

5CVSS6.9AI score0.00504EPSS

CVE•added 2001/01/22 5:0 a.m.•40 views

CVE-2000-0996

Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.

7.2CVSS7.1AI score0.00064EPSS

CVE•added 2003/04/02 5:0 a.m.•38 views

CVE-2002-0381

The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.

5CVSS7.1AI score0.00784EPSS

CVE•added 2024/11/15 8:15 p.m.•38 views

CVE-2024-10934

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021,avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.

9.8CVSS9.8AI score0.00236EPSS

CVE•added 2003/04/02 5:0 a.m.•32 views

CVE-2002-0701

ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.

2.1CVSS6.5AI score0.00145EPSS