Openbsd

Openbsd

198 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.1

CVE-2004-2230

  • EPSS 0.11%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.

7.5

CVE-2004-2338

  • EPSS 0.35%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.

7.5

CVE-2004-0079

  • EPSS 2.28%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

5

CVE-2004-0081

  • EPSS 2.39%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

5

CVE-2004-0112

  • EPSS 0.92%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a ...

5

CVE-2004-0257

  • EPSS 2.03%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.

7.5

CVE-2004-0687

  • EPSS 22.1%
  • Veröffentlicht 20.10.2004 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

7.5

CVE-2004-0688

  • EPSS 16.03%
  • Veröffentlicht 20.10.2004 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a ...

5

CVE-2004-0819

  • EPSS 0.74%
  • Veröffentlicht 25.08.2004 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet.

10

CVE-2004-0414

  • EPSS 5.25%
  • Veröffentlicht 06.08.2004 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary...