Openbsd

openbsd

Vendor: Openbsd • 198 CVEs

CVEs (198)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-6245 1Openbsd 1Openbsd May 13, 2026 Mar 7, 2017 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.
CVE-2016-6243 1Openbsd 1Openbsd May 13, 2026 Mar 7, 2017 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.
CVE-2016-6242 1Openbsd 1Openbsd May 13, 2026 Mar 7, 2017 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.
CVE-2016-6241 1Openbsd 1Openbsd May 13, 2026 Mar 7, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
CVE-2016-6240 1Openbsd 1Openbsd May 13, 2026 Mar 7, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
CVE-2016-6239 1Openbsd 1Openbsd May 13, 2026 Mar 7, 2017 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.
CVE-2016-6244 1Openbsd 1Openbsd May 13, 2026 Mar 7, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value.
CVE-2014-7250 4Bsd FreebsdNetbsd+1 more 4Bsd FreebsdNetbsd+1 more May 6, 2026 Dec 12, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource co...Show more The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.Show less
CVE-2011-2895 5Freebsd FreetypeNetbsd+2 more 5Freebsd FreetypeLibxfont+2 more Apr 29, 2026 Aug 19, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x an...Show more The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.Show less
CVE-2011-2168 1Openbsd 1Openbsd Apr 29, 2026 May 24, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS f...Show more Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.Show less
CVE-2011-0419 9Apache AppleDebian+6 more 10Android Debian LinuxFreebsd+7 more Apr 29, 2026 May 16, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, O...Show more Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.Show less
CVE-2011-1013 2Linux Openbsd 2Linux Kernel Openbsd Apr 29, 2026 May 9, 2011 N/A· v4 N/A· v3 7.2 HIGH· v2 Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel...Show more Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.Show less
CVE-2010-4755 3Freebsd NetbsdOpenbsd 4Freebsd NetbsdOpenbsd+1 more Apr 29, 2026 Mar 2, 2011 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated...Show more The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.Show less
CVE-2010-4754 4Apple FreebsdNetbsd+1 more 4Freebsd Mac Os XNetbsd+1 more Apr 29, 2026 Mar 2, 2011 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consump...Show more The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.Show less
CVE-2009-3572 1Openbsd 1Openbsd Apr 23, 2026 Oct 6, 2009 N/A· v4 N/A· v3 4.9 MEDIUM· v2 OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors.
CVE-2009-0687 4Midnightbsd MirbsdNetbsd+1 more 4Midnightbsd MirosNetbsd+1 more Apr 23, 2026 Aug 11, 2009 N/A· v4 N/A· v3 7.8 HIGH· v2 The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (...Show more The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.Show less
CVE-2009-0689 5Freebsd K Meleon ProjectMozilla+2 more 6Firefox FreebsdK Meleon+3 more Apr 23, 2026 Jul 1, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6....Show more Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.Show less
CVE-2009-0537 2Microsoft Openbsd 2Interix Openbsd Apr 23, 2026 Mar 9, 2009 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application cras...Show more Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.Show less
CVE-2009-0780 1Openbsd 1Openbsd Apr 23, 2026 Mar 4, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (application crash) via an Autonomous System (AS) advertisement containing a long AS path.
CVE-2008-4609 12Bsd BsdiCisco+9 more 19Bsd Bsd OsCatalyst Blade Switch 3020 Firmware+16 more Apr 23, 2026 Oct 20, 2008 N/A· v4 N/A· v3 7.1 HIGH· v2 The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue...Show more The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.Show less

Previous 1 234 5...10 Next