Filtered by vendor Openbsd
Subscribe
Total
306 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2476 | 6 Force10, Freebsd, Juniper and 3 more | 6 Ftos, Freebsd, Jnos and 3 more | 2017-09-28 | 9.3 HIGH | N/A |
| The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). | |||||
| CVE-2008-3234 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2017-09-28 | 6.5 MEDIUM | N/A |
| sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. | |||||
| CVE-2010-5107 | 1 Openbsd | 1 Openssh | 2017-09-18 | 5.0 MEDIUM | N/A |
| The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. | |||||
| CVE-2010-4478 | 1 Openbsd | 1 Openssh | 2017-09-18 | 7.5 HIGH | N/A |
| OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. | |||||
| CVE-2009-2904 | 3 Fedoraproject, Openbsd, Redhat | 5 Fedora, Openssh, Enterprise Linux and 2 more | 2017-09-18 | 6.9 MEDIUM | N/A |
| A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership. | |||||
| CVE-2014-9278 | 2 Openbsd, Redhat | 3 Openssh, Enterprise Linux, Fedora | 2017-09-07 | 4.0 MEDIUM | N/A |
| The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. | |||||
| CVE-2016-6241 | 1 Openbsd | 1 Openbsd | 2017-08-31 | 7.2 HIGH | 7.8 HIGH |
| Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. | |||||
| CVE-2016-6239 | 1 Openbsd | 1 Openbsd | 2017-08-31 | 4.9 MEDIUM | 5.5 MEDIUM |
| The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value. | |||||
| CVE-2016-6240 | 1 Openbsd | 1 Openbsd | 2017-08-31 | 7.2 HIGH | 7.8 HIGH |
| Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. | |||||
| CVE-2013-2125 | 1 Openbsd | 1 Opensmtpd | 2017-08-28 | 5.0 MEDIUM | N/A |
| OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open. | |||||
| CVE-2011-2895 | 5 Freebsd, Freetype, Netbsd and 2 more | 5 Freebsd, Freetype, Netbsd and 2 more | 2017-08-28 | 9.3 HIGH | N/A |
| The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. | |||||
| CVE-2011-0539 | 1 Openbsd | 1 Openssh | 2017-08-16 | 5.0 MEDIUM | N/A |
| The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks. | |||||
| CVE-2009-0780 | 1 Openbsd | 1 Openbsd | 2017-08-16 | 5.0 MEDIUM | N/A |
| The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path. | |||||
| CVE-2008-4109 | 2 Debian, Openbsd | 2 Linux, Openssh | 2017-08-07 | 5.0 MEDIUM | N/A |
| A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051. | |||||
| CVE-2008-3844 | 2 Openbsd, Redhat | 3 Openssh, Enterprise Linux, Enterprise Linux Desktop | 2017-08-07 | 9.3 HIGH | N/A |
| Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known. | |||||
| CVE-2008-3259 | 1 Openbsd | 1 Openssh | 2017-08-07 | 1.2 LOW | N/A |
| OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. | |||||
| CVE-2008-1147 | 8 Apple, Cosmicperl, Darwin and 5 more | 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more | 2017-08-07 | 6.8 MEDIUM | N/A |
| A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. | |||||
| CVE-2008-1215 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2017-08-07 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters. | |||||
| CVE-2008-1146 | 8 Apple, Cosmicperl, Darwin and 5 more | 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more | 2017-08-07 | 6.8 MEDIUM | N/A |
| A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND. | |||||
| CVE-2008-1148 | 8 Apple, Cosmicperl, Darwin and 5 more | 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more | 2017-08-07 | 6.8 MEDIUM | N/A |
| A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. | |||||