Vulnerabilities (CVE)

Filtered by vendor Openbsd Subscribe
Filtered by product Openbsd
Total 204 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-0689 5 Freebsd, K-meleon Project, Mozilla and 2 more 6 Freebsd, K-meleon, Firefox and 3 more 2025-04-09 6.8 MEDIUM N/A
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
CVE-2004-0171 2 Freebsd, Openbsd 2 Freebsd, Openbsd 2025-04-03 5.0 MEDIUM N/A
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.
CVE-2004-1799 1 Openbsd 1 Openbsd 2025-04-03 7.5 HIGH N/A
PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.
CVE-2000-0310 1 Openbsd 1 Openbsd 2025-04-03 5.0 MEDIUM N/A
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.
CVE-1999-0323 4 Bsdi, Freebsd, Netbsd and 1 more 4 Bsd Os, Freebsd, Netbsd and 1 more 2025-04-03 10.0 HIGH N/A
FreeBSD mmap function allows users to modify append-only or immutable files.
CVE-2000-0312 1 Openbsd 1 Openbsd 2025-04-03 7.2 HIGH N/A
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
CVE-1999-0798 5 Bsdi, Freebsd, Openbsd and 2 more 7 Bsd Os, Freebsd, Openbsd and 4 more 2025-04-03 10.0 HIGH N/A
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
CVE-2002-0414 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2025-04-03 7.5 HIGH N/A
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
CVE-1999-0482 1 Openbsd 1 Openbsd 2025-04-03 5.0 MEDIUM N/A
OpenBSD kernel crash through TSS handling, as caused by the crashme program.
CVE-2004-0688 4 Openbsd, Suse, X.org and 1 more 4 Openbsd, Suse Linux, X11r6 and 1 more 2025-04-03 7.5 HIGH N/A
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
CVE-2006-4435 1 Openbsd 1 Openbsd 2025-04-03 4.9 MEDIUM N/A
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default.
CVE-2002-1220 3 Freebsd, Isc, Openbsd 3 Freebsd, Bind, Openbsd 2025-04-03 5.0 MEDIUM N/A
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
CVE-2002-0701 2 Freebsd, Openbsd 2 Freebsd, Openbsd 2025-04-03 2.1 LOW N/A
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
CVE-2000-0751 3 Netbsd, Openbsd, Redhat 3 Netbsd, Openbsd, Linux 2025-04-03 7.5 HIGH N/A
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
CVE-2001-1559 1 Openbsd 1 Openbsd 2025-04-03 2.1 LOW 5.5 MEDIUM
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.
CVE-2004-0081 23 4d, Apple, Avaya and 20 more 66 Webstar, Mac Os X, Mac Os X Server and 63 more 2025-04-03 5.0 MEDIUM N/A
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVE-2005-0740 1 Openbsd 1 Openbsd 2025-04-03 5.0 MEDIUM N/A
The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.
CVE-2004-0083 2 Openbsd, Xfree86 Project 2 Openbsd, X11r6 2025-04-03 10.0 HIGH N/A
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
CVE-2004-0418 5 Cvs, Gentoo, Openbsd and 2 more 5 Cvs, Linux, Openbsd and 2 more 2025-04-03 10.0 HIGH N/A
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
CVE-2002-2092 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2025-04-03 3.7 LOW N/A
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.