National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:openbsd:openbsd:3.8
There are 34 matching records.
Displaying matches 21 through 34.
Vuln ID Summary CVSS Severity
CVE-2004-0414

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

Published: August 06, 2004; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2004-0416

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

Published: August 06, 2004; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2004-0417

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

Published: August 06, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2004-0418

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

Published: August 06, 2004; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2004-0492

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

Published: August 06, 2004; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2002-0701

ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.

Published: July 23, 2002; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2002-0381

The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0670

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

Published: October 03, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2000-0995

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.

Published: December 19, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-0996

Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.

Published: December 19, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-1999-0482

OpenBSD kernel crash through TSS handling, as caused by the crashme program.

Published: March 21, 1999; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-1999-0483

OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

Published: February 25, 1999; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-1999-0484

Buffer overflow in OpenBSD ping.

Published: February 23, 1999; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-1999-1225

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

Published: August 24, 1997; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM