Filtered by vendor Openbsd
Subscriptions
Total
329 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10012 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-12 | N/A |
| The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. | ||||
| CVE-2016-1907 | 1 Openbsd | 1 Openssh | 2025-04-12 | N/A |
| The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | ||||
| CVE-2014-2653 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-12 | N/A |
| The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. | ||||
| CVE-2014-9278 | 2 Openbsd, Redhat | 3 Openssh, Enterprise Linux, Fedora | 2025-04-12 | N/A |
| The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. | ||||
| CVE-2014-9424 | 1 Openbsd | 1 Libressl | 2025-04-12 | N/A |
| Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake. | ||||
| CVE-2014-2532 | 3 Openbsd, Oracle, Redhat | 3 Openssh, Communications User Data Repository, Enterprise Linux | 2025-04-12 | N/A |
| sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. | ||||
| CVE-2016-0778 | 6 Apple, Hp, Openbsd and 3 more | 7 Mac Os X, Virtual Customer Access System, Openssh and 4 more | 2025-04-12 | N/A |
| The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. | ||||
| CVE-2016-6515 | 3 Fedoraproject, Openbsd, Redhat | 3 Fedora, Openssh, Enterprise Linux | 2025-04-12 | N/A |
| The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. | ||||
| CVE-2011-4327 | 1 Openbsd | 1 Openssh | 2025-04-11 | N/A |
| ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call. | ||||
| CVE-2011-2895 | 6 Freebsd, Freetype, Netbsd and 3 more | 7 Freebsd, Freetype, Netbsd and 4 more | 2025-04-11 | N/A |
| The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. | ||||
| CVE-2011-5000 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-11 | N/A |
| The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. | ||||
| CVE-2011-0539 | 1 Openbsd | 1 Openssh | 2025-04-11 | N/A |
| The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks. | ||||
| CVE-2010-4754 | 4 Apple, Freebsd, Netbsd and 1 more | 4 Mac Os X, Freebsd, Netbsd and 1 more | 2025-04-11 | N/A |
| The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. | ||||
| CVE-2010-4755 | 3 Freebsd, Netbsd, Openbsd | 4 Freebsd, Netbsd, Openbsd and 1 more | 2025-04-11 | N/A |
| The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. | ||||
| CVE-2011-1013 | 3 Linux, Openbsd, Redhat | 4 Linux Kernel, Openbsd, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument. | ||||
| CVE-2012-0814 | 1 Openbsd | 1 Openssh | 2025-04-11 | N/A |
| The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. | ||||
| CVE-2010-5107 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-11 | N/A |
| The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. | ||||
| CVE-2011-0419 | 10 Apache, Apple, Debian and 7 more | 12 Http Server, Portable Runtime, Mac Os X and 9 more | 2025-04-11 | N/A |
| Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. | ||||
| CVE-2011-2168 | 1 Openbsd | 1 Openbsd | 2025-04-11 | N/A |
| Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418. | ||||
| CVE-2010-4478 | 1 Openbsd | 1 Openssh | 2025-04-11 | N/A |
| OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. | ||||