Openbsd

Openbsd

194 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2004-0112

  • EPSS 0.67%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a ...

5

CVE-2004-0257

  • EPSS 2.03%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.

7.5

CVE-2004-0687

  • EPSS 19.95%
  • Veröffentlicht 20.10.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

7.5

CVE-2004-0688

  • EPSS 16.03%
  • Veröffentlicht 20.10.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a ...

5

CVE-2004-0819

  • EPSS 0.74%
  • Veröffentlicht 25.08.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet.

10

CVE-2004-0414

  • EPSS 5.25%
  • Veröffentlicht 06.08.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary...

10

CVE-2004-0416

  • EPSS 43.03%
  • Veröffentlicht 06.08.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

5

CVE-2004-0417

  • EPSS 4.49%
  • Veröffentlicht 06.08.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consu...

10

CVE-2004-0418

  • EPSS 14.28%
  • Veröffentlicht 06.08.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical prog...

10

CVE-2004-0492

  • EPSS 21.04%
  • Veröffentlicht 06.08.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes...