Openbsd

Openbsd

201 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 7.72%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:07:46

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format strin...

  • EPSS 1.46%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:08:25

PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.

  • EPSS 1.7%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:09:08

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

  • EPSS 0.35%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:09:16

Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.

  • EPSS 1.49%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:09:28

OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.

  • EPSS 9.54%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:04:53

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • EPSS 7.23%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:04:53

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

  • EPSS 10.42%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:04:57

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a ...

  • EPSS 2.47%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:05:16

OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.

  • EPSS 8.05%
  • Veröffentlicht 20.10.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:06:09

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.