CVEs (198)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expre...Show more |
In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash. |
In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs. |
In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. |
In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems. |
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021,
avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server. |
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An atta...Show more |
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An atta...Show more |
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. |
In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences. |
In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length.
|
In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic.
|
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequen...Show more |
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected. |
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded. |
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore...Show more |
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address. |
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. |
slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can preve...Show more |
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitati...Show more |