Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Openbsd Subscribe
Filtered by product Openbsd
Total 187 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0688 6 Compaq, Freebsd, Openbsd and 3 more 6 Tru64, Freebsd, Openbsd and 3 more 2018-05-02 5.0 MEDIUM N/A
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.
CVE-1999-0052 3 Bsdi, Freebsd, Openbsd 3 Bsd Os, Freebsd, Openbsd 2018-05-02 5.0 MEDIUM N/A
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
CVE-1999-0305 3 Bsdi, Freebsd, Openbsd 3 Bsd Os, Freebsd, Openbsd 2018-05-02 5.0 MEDIUM N/A
The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.
CVE-2000-0997 2 Netbsd, Openbsd 2 Netbsd, Openbsd 2018-05-02 7.2 HIGH N/A
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
CVE-2000-0996 1 Openbsd 1 Openbsd 2018-05-02 7.2 HIGH N/A
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.
CVE-2000-0995 1 Openbsd 1 Openbsd 2018-05-02 7.2 HIGH N/A
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.
CVE-2000-0994 1 Openbsd 1 Openbsd 2018-05-02 7.2 HIGH N/A
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.
CVE-2003-0466 7 Apple, Freebsd, Netbsd and 4 more 8 Mac Os X, Mac Os X Server, Freebsd and 5 more 2018-05-02 10.0 HIGH N/A
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
CVE-2000-0962 1 Openbsd 1 Openbsd 2018-05-02 5.0 MEDIUM N/A
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.
CVE-2002-1221 3 Freebsd, Isc, Openbsd 3 Freebsd, Bind, Openbsd 2018-05-02 5.0 MEDIUM N/A
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
CVE-2002-1220 3 Freebsd, Isc, Openbsd 3 Freebsd, Bind, Openbsd 2018-05-02 5.0 MEDIUM N/A
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
CVE-2002-1219 3 Freebsd, Isc, Openbsd 3 Freebsd, Bind, Openbsd 2018-05-02 7.5 HIGH N/A
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
CVE-2004-0418 5 Cvs, Gentoo, Openbsd and 2 more 5 Cvs, Linux, Openbsd and 2 more 2018-05-02 10.0 HIGH N/A
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
CVE-2001-1047 1 Openbsd 1 Openbsd 2017-12-18 1.2 LOW N/A
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
CVE-1999-1225 5 Digital, Linux, Netbsd and 2 more 5 Ultrix, Linux Kernel, Netbsd and 2 more 2017-12-18 5.0 MEDIUM N/A
rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.
CVE-2002-2092 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2017-12-18 3.7 LOW N/A
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
CVE-2017-1000373 1 Openbsd 1 Openbsd 2017-10-23 6.4 MEDIUM 6.5 MEDIUM
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.
CVE-2004-0084 2 Openbsd, Xfree86 Project 2 Openbsd, X11r6 2017-10-10 10.0 HIGH N/A
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
CVE-2004-0083 2 Openbsd, Xfree86 Project 2 Openbsd, X11r6 2017-10-10 10.0 HIGH N/A
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
CVE-2004-0106 2 Openbsd, Xfree86 Project 2 Openbsd, X11r6 2017-10-10 7.2 HIGH N/A
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.