Openbsd

Openbsd

194 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2005-0637

  • EPSS 0.54%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory.

5

CVE-2005-0960

  • EPSS 0.76%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c OpenBSD 3.5 and 3.6 allow remote attackers to cause a denial of service (memory exhaustion or system crash).

5

CVE-2005-0740

Exploit
  • EPSS 0.92%
  • Published 13.01.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.

7.1

CVE-2004-1471

  • EPSS 5.95%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format strin...

7.5

CVE-2004-1799

  • EPSS 0.35%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.

7.5

CVE-2004-2163

  • EPSS 1.15%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

2.1

CVE-2004-2230

  • EPSS 0.11%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.

7.5

CVE-2004-2338

  • EPSS 0.35%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.

7.5

CVE-2004-0079

  • EPSS 2.06%
  • Published 23.11.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

5

CVE-2004-0081

  • EPSS 2.27%
  • Published 23.11.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.