Medium
CVE-2004-0114
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's r…
Tag: OpenBSD
All CVEs associated with "OpenBSD". Page 2/2 • 169 CVEs.
Subscribe CVEs: RSS for “OpenBSD” · RSS (High+Critical only)
About “OpenBSD”
A curated feed of “OpenBSD”-related CVEs appears below. We currently track 169 CVEs for this tag (all time). In the last 365 days, 4 were published. Average CVSS is 6.2 (all time; 5.7 over 365d), and 41% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-1284 - Improper Validation of Specified Quantity in Input, CWE-190 - Integer Overflow or Wraparound.
In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2004-03-03
2003-12-31
Low
CVE-2003-1366
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
Medium
CVE-2003-1418
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, wh…
2003-12-15
Medium
CVE-2003-0955
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled…
2003-04-11
High
CVE-2002-1420
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check…
2003-03-31
High
CVE-2003-0144
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via lo…
2002-12-31
Low
CVE-2002-2092
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel h…
Medium
CVE-2002-2180
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via a…
Medium
CVE-2002-2188
OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error.
Medium
CVE-2002-2222
isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out…
Low
CVE-2002-2280
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect i…
2002-08-12
Medium
CVE-2002-0514
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default…
High
CVE-2002-0766
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1,…
2002-07-03
High
CVE-2002-0542
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cro…
High
CVE-2002-0557
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, p…
Critical
CVE-2002-0640
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is usin…
2001-12-31
Medium
CVE-2001-1559
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial…
2001-11-13
Medium
CVE-2001-1415
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
2001-08-17
Medium
CVE-2001-1145
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current…
2001-06-27
Low
CVE-2001-0378
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history fil…
2001-06-02
Low
CVE-2001-1047
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL…
2001-05-03
High
CVE-2001-0268
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain…
Critical
CVE-2001-0284
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authenticati…
2001-03-12
Low
CVE-2000-0309
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
Medium
CVE-2000-0310
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.
High
CVE-2000-0312
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
Medium
CVE-2000-0313
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.
2000-12-19
Medium
CVE-2000-0914
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.
Medium
CVE-2000-0962
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.
High
CVE-2000-0994
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.
High
CVE-2000-0995
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.
High
CVE-2000-0996
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.
High
CVE-2000-0997
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
2000-12-11
Critical
CVE-2000-0999
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
Medium
CVE-2000-1004
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.
Critical
CVE-2000-1010
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.
2000-07-07
Medium
CVE-2000-0574
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), w…
1999-09-05
Low
CVE-2000-0489
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then…
1999-08-12
Medium
CVE-1999-0724
Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.
1999-08-06
Medium
CVE-1999-0727
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.
1999-08-03
Low
CVE-1999-0703
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
1999-03-22
Medium
CVE-1999-0481
Denial of service in "poll" in OpenBSD.
1999-03-21
Medium
CVE-1999-0482
OpenBSD kernel crash through TSS handling, as caused by the crashme program.
1999-02-25
Low
CVE-1999-0483
OpenBSD crash using nlink value in FFS and EXT2FS filesystems.
1999-02-23
Low
CVE-1999-0484
Buffer overflow in OpenBSD ping.
1999-02-19
Low
CVE-1999-0485
Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.
1998-12-04
Critical
CVE-1999-0798
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
1998-08-03
High
CVE-1999-0062
The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.
1998-02-01
Medium
CVE-1999-0305
The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when th…