National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:openbsd:openbsd:2.4
There are 66 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2001-0268

The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.

Published: May 03, 2001; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2001-0284

Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.

Published: May 03, 2001; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2000-0309

The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.

Published: March 12, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2000-0310

IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.

Published: March 12, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0053

One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.

Published: February 12, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-0914

OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.

Published: December 19, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-0993

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

Published: December 19, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-0994

Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

Published: December 19, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-0995

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.

Published: December 19, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-0996

Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.

Published: December 19, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-0997

Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.

Published: December 19, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-1004

Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2000-1010

Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-0750

Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

Published: October 20, 2000; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2000-0751

mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.

Published: October 20, 2000; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-1999-0001

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

Published: December 30, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0674

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

Published: August 09, 1999; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-1999-0481

Denial of service in "poll" in OpenBSD.

Published: March 22, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0482

OpenBSD kernel crash through TSS handling, as caused by the crashme program.

Published: March 21, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0483

OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

Published: February 25, 1999; 12:00:00 AM -05:00
    V2: 2.1 LOW