threatengine.sh
openbsd
332 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-41285
<= 7.8
In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND
4.3
MEDIUM
CVE-2026-35414
< 10.3
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunct
4.2
MEDIUM
CVE-2026-35388
< 10.3
OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
2.5
LOW
CVE-2026-35387
< 10.3
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAc
3.1
LOW
CVE-2026-35386
< 10.3
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a
3.6
LOW
CVE-2026-35385
< 10.3
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectation
7.5
HIGH
CVE-2025-32728
>= 7.4 and < 10.0
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11
4.3
MEDIUM
CVE-2025-30334
< 7.5
In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash.
6.5
MEDIUM
CVE-2025-26466
all versions
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buff
5.9
MEDIUM
CVE-2025-26465
>= 6.9 and <= 9.8
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed
6.8
MEDIUM
CVE-2024-11149
< 7.4
In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs.
7.9
HIGH
CVE-2024-11148
< 7.3
In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a m
7.5
HIGH
CVE-2024-10933
< 7.4
In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected
5.0
MEDIUM
CVE-2024-10934
< 7.4
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server impl
9.8
CRITICAL
CVE-2024-6387
< 4.4
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to
8.1
HIGH
CVE-2021-35000
all versions
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attack
3.3
LOW
CVE-2021-34999
all versions
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attack
5.5
MEDIUM
CVE-2024-29937
<= 7.4
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute
9.8
CRITICAL
CVE-2023-52558
< 7.3
In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that
7.5
HIGH
CVE-2023-52557
< 7.3
In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length
7.5
HIGH
CVE-2023-52556
< 7.4
In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and expiration of packet states may cause
6.2
MEDIUM
CVE-2023-51767
all versions
OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the i
7.0
HIGH
CVE-2023-51385
< 9.6
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name
6.5
MEDIUM
CVE-2023-51384
>= 8.9 and < 9.6
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are
5.5
MEDIUM
CVE-2023-48795
< 9.6
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker
5.9
MEDIUM
CVE-2023-40216
all versions
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect
5.5
MEDIUM
CVE-2023-38408
< 9.3
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code exe
9.8
CRITICAL
CVE-2023-35784
all versions
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in Lib
9.8
CRITICAL
CVE-2021-46880
< 7.0
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for
9.8
CRITICAL
CVE-2022-48437
< 7.2
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_
5.3
MEDIUM
CVE-2023-29323
all versions
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-porta
7.8
HIGH
CVE-2023-28531
>= 8.9 and < 9.3
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest
9.8
CRITICAL
CVE-2023-27567
all versions
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.
7.5
HIGH
CVE-2023-25136
all versions
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH
6.5
MEDIUM
CVE-2022-27882
all versions
slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerab
7.5
HIGH
CVE-2022-27881
all versions
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with
7.5
HIGH
CVE-2021-36368
< 8.9
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -o
3.7
LOW
CVE-2021-41617
>= 6.2 and < 8.8
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because
7.0
HIGH
CVE-2021-41581
<= 3.4.0
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-re
5.5
MEDIUM
CVE-2016-20012
<= 8.7
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known t
5.3
MEDIUM
CVE-2019-25049
>= 2.9.1 and <= 3.2.1
LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).
7.1
HIGH
CVE-2019-25048
>= 2.9.1 and <= 3.2.1
LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print
7.1
HIGH
CVE-2010-4816
all versions
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denia
7.5
HIGH
CVE-2020-26142
all versions
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full
5.3
MEDIUM
CVE-2021-28041
>= 8.2 and < 8.5
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent
7.1
HIGH
CVE-2020-16088
<= 6.7
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking wheth
9.8
CRITICAL
CVE-2020-15778
< 8.3
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in th
7.4
HIGH
CVE-2020-14145
>= 5.7 and < 8.4
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiati
5.9
MEDIUM
CVE-2020-12062
all versions
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows
7.5
HIGH
CVE-2011-3336
all versions
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
7.5
HIGH
CVE-2020-7247
all versions
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute ar
9.8
CRITICAL
CVE-2015-5333
< 2.3.1
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory cons
7.5
HIGH
CVE-2015-5334
< 2.3.1
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (progra
9.8
CRITICAL
CVE-2012-5663
< 1.47.01nb1
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a pub
7.5
HIGH
CVE-2019-19726
<= 6.6
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated
7.8
HIGH
CVE-2019-14899
all versions
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adj
7.4
HIGH
CVE-2012-1577
all versions
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
9.8
CRITICAL
CVE-2019-19522
all versions
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by
7.8
HIGH
CVE-2019-19521
all versions
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This i
9.8
CRITICAL
CVE-2019-19520
all versions
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment var
7.8
HIGH
CVE-2019-19519
all versions
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic er
7.8
HIGH
CVE-2019-16905
>= 7.7 and <= 7.9
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow
7.8
HIGH
CVE-2019-8460
<= 6.5
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_o
7.5
HIGH
CVE-2019-6111
<= 7.9
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/
5.9
MEDIUM
CVE-2019-6110
<= 7.9
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle
6.8
MEDIUM
CVE-2019-6109
<= 7.9
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-T
6.8
MEDIUM
CVE-2018-20685
<= 7.9
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or
5.3
MEDIUM
CVE-2018-15919
>= 5.9 and <= 7.8
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users
5.3
MEDIUM
CVE-2018-15473
<= 7.7
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user un
5.3
MEDIUM
CVE-2018-14775
all versions
tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O por
5.5
MEDIUM
CVE-2018-12434
< 2.6.5
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return
4.7
MEDIUM
CVE-2018-8970
all versions
The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain s
7.4
HIGH
CVE-2016-10708
< 7.4
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an
7.5
HIGH
CVE-2017-15906
< 7.6
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, whic
5.3
MEDIUM
CVE-2015-7687
<= 5.7.1
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arb
9.8
CRITICAL
CVE-2017-1000373
<= 6.1
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements
6.5
MEDIUM
CVE-2017-1000372
<= 6.1
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code e
9.8
CRITICAL
CVE-2017-8301
all versions
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verifica
5.3
MEDIUM
CVE-2016-1908
< 7.2
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 serv
9.8
CRITICAL
CVE-2017-5850
all versions
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large fi
7.5
HIGH
CVE-2016-6522
all versions
Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (
5.5
MEDIUM
CVE-2016-6350
all versions
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a
5.5
MEDIUM
CVE-2016-6247
all versions
OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open
5.5
MEDIUM
CVE-2016-6246
all versions
OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mount
4.4
MEDIUM
CVE-2016-6245
all versions
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.
5.5
MEDIUM
CVE-2016-6243
all versions
thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted
5.5
MEDIUM
CVE-2016-6242
all versions
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value i
5.5
MEDIUM
CVE-2016-6241
all versions
Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privi
7.8
HIGH
CVE-2016-6240
all versions
Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kerne
7.8
HIGH
CVE-2016-6239
all versions
The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via
5.5
MEDIUM
CVE-2016-6244
all versions
The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (p
7.5
HIGH
CVE-2016-6210
<= 7.2
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password w
5.9
MEDIUM
CVE-2016-10012
<= 7.3
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bo
7.8
HIGH
CVE-2016-10011
<= 7.3
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow l
6.2
MEDIUM
CVE-2016-10010
<= 7.3
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allo
7.0
HIGH
CVE-2016-10009
<= 7.3
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary
7.3
HIGH
CVE-2016-8858
all versions
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (m
7.5
HIGH
CVE-2016-6515
<= 7.2
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authenticat
7.5
HIGH
CVE-2015-8325
<= 7.2
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configure
7.8
HIGH
CVE-2016-3115
<= 7.2
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass in
6.4
MEDIUM
CVE-2016-1907
all versions
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-o
5.3
MEDIUM
CVE-2016-0778
all versions
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2,
8.1
HIGH
CVE-2016-0777
all versions
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obt
6.5
MEDIUM
CVE-2015-6565
all versions
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service
CVE-2015-6564
<= 6.9
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD plat
7.0
HIGH
CVE-2015-6563
<= 6.9
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_I
6.4
MEDIUM
CVE-2015-5600
<= 6.9
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keybo
8.1
HIGH
CVE-2015-5352
<= 6.8
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of
CVE-2014-9424
<= 2.1.1
Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote a
CVE-2014-7250
all versions
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement
CVE-2014-9278
all versions
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote aut
CVE-2013-2125
<= 5.3.1
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connecti
CVE-2014-2653
<= 6.6
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skippin
6.5
MEDIUM
CVE-2014-2532
<= 6.5
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to
4.2
MEDIUM
CVE-2011-4327
<= 5.8
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descr
5.5
MEDIUM
CVE-2014-1692
<= 6.4
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does no
7.3
HIGH
CVE-2013-4548
all versions
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not prope
CVE-2010-5107
<= 6.1
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing
7.5
HIGH
CVE-2011-5000
<= 5.8
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allo
CVE-2012-0814
<= 5.6
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys
6.5
MEDIUM
CVE-2011-2895
<= 3.7
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compres
CVE-2011-2168
<= 4.8
Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to hav
CVE-2011-0419
all versions
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before
CVE-2011-1013
<= 4.8
Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) su
CVE-2010-4755
all versions
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in Free
CVE-2010-4754
all versions
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6
CVE-2011-0539
all versions
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-lin
7.5
HIGH
CVE-2010-4478
<= 5.6
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which al
9.8
CRITICAL
CVE-2009-3572
all versions
OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to ca
CVE-2009-2904
all versions
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise
CVE-2009-0687
all versions
The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and e
CVE-2009-0689
all versions
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/
CVE-2009-0537
<= 4.4
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.
CVE-2009-0780
all versions
The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service (app
CVE-2008-5161
all versions
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.
3.7
LOW
CVE-2008-4609
all versions
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably othe
CVE-2008-2476
all versions
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4)
CVE-2008-4247
all versions
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP c
CVE-2008-4109
<= 4.3p2
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such a
CVE-2008-3844
all versions
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key,
CVE-2008-3259
<= 5.0
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows lo
CVE-2008-3234
all versions
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to ar
CVE-2008-1657
all versions
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modify
CVE-2008-1483
all versions
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to
CVE-2008-1215
all versions
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD
CVE-2008-1058
all versions
The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via cr
CVE-2008-1057
all versions
The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via mal
CVE-2007-6700
all versions
Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote at
CVE-2008-0384
all versions
OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface tha
CVE-2007-3102
all versions
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other s
CVE-2007-5365
all versions
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd im
CVE-2007-4752
<= 4.6
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instea
CVE-2007-4654
all versions
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) ser
CVE-2007-2768
all versions
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain
CVE-2007-2243
all versions
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of us
CVE-2007-1352
all versions
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute
CVE-2007-1351
all versions
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and e
CVE-2007-1365
all versions
Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6
CVE-2007-0343
<= 4.0
OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6
CVE-2007-0085
all versions
Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel i
CVE-2006-6730
all versions
OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local use
CVE-2006-6397
all versions
Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. N
CVE-2006-6164
all versions
The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment varia
CVE-2006-5794
<= 4.4
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentic
CVE-2006-5550
all versions
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certai
CVE-2006-5229
all versions
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows r
CVE-2006-5218
all versions
Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to c
CVE-2006-4925
all versions
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence wi
CVE-2006-5052
all versions
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the
CVE-2006-5051
<= 4.4
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly exe
8.1
HIGH
CVE-2006-4924
all versions
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consu
CVE-2006-4436
all versions
isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when
CVE-2006-4435
all versions
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by
CVE-2006-4304
all versions
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3
CVE-2006-0883
all versions
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM
CVE-2006-0225
all versions
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, whi
CVE-2006-0098
all versions
The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using se
CVE-2005-4351
<= 3.8
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows
CVE-2005-2798
all versions
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who lo
CVE-2005-2797
all versions
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address i
CVE-2005-2666
all versions
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintex
CVE-2005-0356
all versions
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remo
CVE-2005-0960
all versions
Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c OpenBSD 3.5 and 3.6 allow remote attack
CVE-2005-0637
all versions
The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow a
CVE-2005-0740
all versions
The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted
CVE-2004-2760
all versions
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the
CVE-2004-2338
all versions
OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64,
CVE-2004-2230
all versions
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corru
CVE-2004-2163
all versions
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS
CVE-2004-2069
all versions
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the n
CVE-2004-1799
all versions
PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface
CVE-2004-1471
all versions
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVS
CVE-2004-0257
all versions
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a
CVE-2004-0112
all versions
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the
CVE-2004-0081
all versions
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of ser
CVE-2004-0079
all versions
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of
7.5
HIGH
CVE-2004-0688
all versions
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) Pa
CVE-2004-0687
all versions
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in
CVE-2004-1653
<= 3.9
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port b
CVE-2004-0819
all versions
The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option fo
CVE-2004-0175
all versions
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. N
CVE-2004-0492
all versions
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of s
CVE-2004-0418
all versions
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow
CVE-2004-0417
all versions
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.1
CVE-2004-0416
all versions
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remot
CVE-2004-0414
all versions
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL ter
CVE-2004-0482
all versions
Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.
CVE-2004-0222
<= 3.4
Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion
CVE-2004-0221
<= 3.4
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete
CVE-2004-0220
<= 3.4
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert
CVE-2004-0219
<= 3.4
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malfor
CVE-2004-0218
<= 3.4
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with
CVE-2004-0171
all versions
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allow remote attackers to cause a denial of service (resource exhaustion of
CVE-2004-0114
<= 2.6
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6
CVE-2004-0106
all versions
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnera
CVE-2004-0084
all versions
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows loca
CVE-2004-0083
all versions
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute
CVE-2004-1082
all versions
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which al
CVE-2003-1562
all versions
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not
CVE-2003-1366
all versions
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary fil
CVE-2003-0955
all versions
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3
CVE-2003-0804
all versions
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote att
CVE-2003-0787
all versions
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows
CVE-2003-0786
all versions
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check
CVE-2003-0688
all versions
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data stru
CVE-2003-0695
<= 3.7.1
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary
CVE-2003-0682
<= 3.7.1
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-200
CVE-2003-0681
all versions
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final
CVE-2003-0693
<= 3.7
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitr
CVE-2003-0466
>= 2.0 and <= 3.3
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbit
9.8
CRITICAL
CVE-2003-0386
all versions
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows rem
CVE-2003-0190
< 3.6.1
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not ex
CVE-2002-1420
all versions
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a nega
CVE-2003-0144
all versions
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other
CVE-2003-0028
all versions
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries
CVE-2003-0078
all versions
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect b
CVE-2002-2280
all versions
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP address is chan
CVE-2002-2222
all versions
isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial o
CVE-2002-2188
all versions
OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid argument
CVE-2002-2180
all versions
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to wri
CVE-2002-2092
all versions
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gai
CVE-2002-1915
all versions
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock(
5.5
MEDIUM
CVE-2002-1345
all versions
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwr
CVE-2002-1221
all versions
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times,
CVE-2002-1220
all versions
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request
CVE-2002-1219
all versions
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execu
CVE-2002-0766
all versions
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling
CVE-2002-0765
all versions
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and
CVE-2002-0514
all versions
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a
CVE-2002-0414
all versions
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, do not properly consult the Sec
CVE-2002-0391
all versions
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC in
9.8
CRITICAL
CVE-2000-1208
all versions
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain p
CVE-2002-0701
all versions
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privile
CVE-2002-0640
all versions
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of re
CVE-2002-0639
>= 2.9.9 and <= 3.3
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response
9.8
CRITICAL
CVE-2002-0572
all versions
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted fi
CVE-2002-0557
all versions
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another us
CVE-2002-0542
all versions
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which cou
CVE-2002-0381
all versions
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses,
CVE-2002-0575
all versions
Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing
CVE-2002-0083
>= 2.0 and < 3.1
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privilege
9.8
CRITICAL
CVE-2001-1585
all versions
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 throu
CVE-2001-1559
all versions
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values
5.5
MEDIUM
CVE-2001-1507
all versions
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unc
CVE-2001-0872
<= 3.0.1
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which
CVE-2001-0816
<= 2.9.9
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypa
CVE-2001-1415
all versions
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
CVE-2001-1380
<= 2.9.9
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not prope
CVE-2001-0670
all versions
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execu
CVE-2001-1382
<= 2.9.9p2
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password
CVE-2001-1029
all versions
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright
CVE-2001-0572
all versions
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remot
CVE-2001-1145
<= 2.9
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a d
CVE-2001-0554
all versions
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary comma
CVE-2001-0529
<= 2.9
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symli
CVE-2001-1244
all versions
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting t
CVE-2001-0378
<= 2.8
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker
CVE-2001-0361
all versions
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in
CVE-2001-1459
all versions
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, wh
CVE-2001-0402
all versions
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass
CVE-2001-0247
all versions
Buffer overflows in BSD-based FTP servers allow remote attackers to execute arbitrary commands via a long pattern string containi
CVE-2001-1047
all versions
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread
CVE-2001-0284
<= 2.8
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service
CVE-2001-0268
<= 2.8
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, d
CVE-2001-0144
all versions
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client
CVE-2000-0313
all versions
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.
CVE-2000-0312
all versions
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron'
CVE-2000-0310
all versions
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented
CVE-2000-0309
all versions
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
CVE-2001-0053
all versions
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
CVE-2000-1169
all versions
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gai
CVE-2000-0997
all versions
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allow local attackers to
CVE-2000-0996
all versions
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain
CVE-2000-0995
all versions
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain
CVE-2000-0994
all versions
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain r
CVE-2000-0993
all versions
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed
CVE-2000-0992
all versions
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a ..
CVE-2000-0962
all versions
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a de
CVE-2000-0914
all versions
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.
CVE-2000-1010
all versions
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary com
CVE-2000-1004
all versions
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directo
CVE-2000-0999
all versions
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root
CVE-2000-0751
all versions
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote a
CVE-2000-0750
all versions
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via
CVE-2000-0574
all versions
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used
CVE-2000-0525
all versions
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary comma
CVE-2000-0217
all versions
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a m
CVE-2000-0143
<= 1.2.1
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the
CVE-2000-0092
all versions
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
CVE-1999-0001
all versions
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted
CVE-1999-1010
all versions
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
CVE-2000-0489
all versions
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the s
CVE-1999-0724
all versions
Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.
CVE-1999-0674
all versions
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
CVE-1999-0727
all versions
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.
CVE-1999-0703
all versions
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
CVE-1999-0481
all versions
Denial of service in "poll" in OpenBSD.
CVE-1999-0482
all versions
OpenBSD kernel crash through TSS handling, as caused by the crashme program.
CVE-1999-0483
all versions
OpenBSD crash using nlink value in FFS and EXT2FS filesystems.
CVE-1999-0484
all versions
Buffer overflow in OpenBSD ping.
CVE-1999-0485
all versions
Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.
CVE-1999-0396
all versions
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of servic
CVE-1999-0798
all versions
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
CVE-1999-0052
all versions
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
7.5
HIGH
CVE-1999-0062
all versions
The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.
CVE-1999-0303
all versions
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
CVE-1999-0323
all versions
FreeBSD mmap function allows users to modify append-only or immutable files.
CVE-1999-0305
all versions
The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and e
CVE-1999-0304
all versions
mmap function in BSD allows local attackers in the kmem group to modify memory through devices.
CVE-1999-0061
all versions
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).
CVE-1999-1214
all versions
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, wh
CVE-1999-1225
all versions
rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin