Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:openbsd:openbsd:3.6:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2006-6397 |
Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability Published: December 07, 2006; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2005-4351 |
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2005-0356 |
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. Published: May 31, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0637 |
The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory. Published: May 02, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0960 |
Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c OpenBSD 3.5 and 3.6 allow remote attackers to cause a denial of service (memory exhaustion or system crash). Published: May 02, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0740 |
The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout. Published: January 13, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-2230 |
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. Published: December 31, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2004-0414 |
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. Published: August 06, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2004-0416 |
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. Published: August 06, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2004-0417 |
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. Published: August 06, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-0418 |
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. Published: August 06, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2004-0492 |
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. Published: August 06, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2002-0701 |
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges. Published: July 23, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2002-0381 |
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. Published: June 25, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2001-0670 |
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue. Published: October 03, 2001; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2000-0995 |
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name. Published: December 19, 2000; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2000-0996 |
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell. Published: December 19, 2000; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-1999-0482 |
OpenBSD kernel crash through TSS handling, as caused by the crashme program. Published: March 21, 1999; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-1999-0483 |
OpenBSD crash using nlink value in FFS and EXT2FS filesystems. Published: February 25, 1999; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-1999-0484 |
Buffer overflow in OpenBSD ping. Published: February 23, 1999; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |