Filtered by vendor Openbsd
Subscribe
Total
318 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-16088 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches. | |||||
CVE-2015-5333 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. | |||||
CVE-2019-16905 | 3 Netapp, Openbsd, Siemens | 7 Cloud Backup, Steelstore Cloud Integrated Storage, Openssh and 4 more | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. | |||||
CVE-2012-1577 | 3 Debian, Dietlibc Project, Openbsd | 3 Debian Linux, Dietlibc, Openbsd | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. | |||||
CVE-2019-19521 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c). | |||||
CVE-2019-19522 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root. | |||||
CVE-2019-14899 | 4 Apple, Freebsd, Linux and 1 more | 8 Ipados, Iphone Os, Mac Os X and 5 more | 2024-02-04 | 4.9 MEDIUM | 7.4 HIGH |
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. | |||||
CVE-2019-19726 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root. | |||||
CVE-2019-19520 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen. | |||||
CVE-2019-19519 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c. | |||||
CVE-2015-5334 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. | |||||
CVE-2012-5663 | 1 Openbsd | 1 Textproc\/isearch | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). | |||||
CVE-2020-7247 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. | |||||
CVE-2011-3336 | 4 Apple, Freebsd, Openbsd and 1 more | 4 Mac Os X, Freebsd, Openbsd and 1 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. | |||||
CVE-2019-8460 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service. | |||||
CVE-2019-6724 | 4 Apple, Barracuda, Linux and 1 more | 4 Mac Os X, Vpn Client, Linux Kernel and 1 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. | |||||
CVE-2018-14775 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture. | |||||
CVE-2018-15919 | 2 Netapp, Openbsd | 7 Cloud Backup, Cn1610, Cn1610 Firmware and 4 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' | |||||
CVE-2018-15473 | 7 Canonical, Debian, Netapp and 4 more | 24 Ubuntu Linux, Debian Linux, Aff Baseboard Management Controller and 21 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | |||||
CVE-2019-6109 | 9 Canonical, Debian, Fedoraproject and 6 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2024-02-04 | 4.0 MEDIUM | 6.8 MEDIUM |
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. |