Openbsd

openbsd

Vendor: Openbsd • 198 CVEs

CVEs (198)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2003-0681 8Apple GentooHp+5 more 14Advanced Message Server AixHp Ux+11 more Apr 16, 2026 Oct 6, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
CVE-2003-0466 7Apple FreebsdNetbsd+4 more 8Freebsd Mac Os XMac Os X Server+5 more Apr 16, 2026 Aug 27, 2003 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathname...Show more Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.Show less
CVE-2002-1420 1Openbsd 1Openbsd Apr 16, 2026 Apr 11, 2003 N/A· v4 N/A· v3 7.2 HIGH· v2 Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer,...Show more Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.Show less
CVE-2003-0144 4Bsd FreebsdLprold+1 more 4Freebsd LprLprold+1 more Apr 16, 2026 Mar 31, 2003 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line argum...Show more Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.Show less
CVE-2003-0028 10Cray FreebsdGnu+7 more 13Aix FreebsdGlibc+10 more Apr 16, 2026 Mar 25, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers...Show more Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.Show less
CVE-2003-0078 3Freebsd OpenbsdOpenssl 3Freebsd OpenbsdOpenssl Apr 16, 2026 Mar 3, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that ma...Show more ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."Show less
CVE-2002-2280 1Openbsd 1Openbsd Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 2.1 LOW· v2 syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent...Show more syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.Show less
CVE-2002-2222 2Freebsd Openbsd 2Openbsd Ports Collection Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 5.1 MEDIUM· v2 isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence.
CVE-2002-2188 1Openbsd 1Openbsd Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 4.9 MEDIUM· v2 OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error.
CVE-2002-2180 1Openbsd 1Openbsd Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness...Show more The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.Show less
CVE-2002-2092 3Freebsd NetbsdOpenbsd 3Freebsd NetbsdOpenbsd Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 3.7 LOW· v2 Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that th...Show more Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.Show less
CVE-2002-1915 3Freebsd NetbsdOpenbsd 3Freebsd NetbsdOpenbsd Apr 16, 2026 Dec 31, 2002 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
CVE-2002-1345 3Ncftp Software OpenbsdSun 4Ncftp OpenbsdSolaris+1 more Apr 16, 2026 Dec 23, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) seque...Show more Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.Show less
CVE-2002-1221 3Freebsd IscOpenbsd 3Bind FreebsdOpenbsd Apr 16, 2026 Nov 29, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
CVE-2002-1220 3Freebsd IscOpenbsd 3Bind FreebsdOpenbsd Apr 16, 2026 Nov 29, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload...Show more BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.Show less
CVE-2002-1219 3Freebsd IscOpenbsd 3Bind FreebsdOpenbsd Apr 16, 2026 Nov 29, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
CVE-2002-0766 1Openbsd 1Openbsd Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 7.2 HIGH· v2 OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executin...Show more OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.Show less
CVE-2002-0765 1Openbsd 2Openbsd Openssh Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
CVE-2002-0514 1Openbsd 1Openbsd Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
CVE-2002-0414 3Freebsd NetbsdOpenbsd 3Freebsd NetbsdOpenbsd Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use E...Show more KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.Show less

Previous 1...678 9 10 Next