Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openbsd
(Openbsd)| Repositories | https://github.com/openbsd/src |
| #Vulnerabilities | 185 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-03 | CVE-2023-27567 | In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. | Openbsd | 7.5 | ||
| 2019-12-11 | CVE-2019-14899 | A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. | Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Freebsd, Linux_kernel, Openbsd | 7.4 | ||
| 2011-05-09 | CVE-2011-1013 | Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument. | Linux_kernel, Openbsd | N/A | ||
| 2004-10-20 | CVE-2004-0687 | Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. | Openbsd, Suse_linux, X11r6, X11r6 | N/A | ||
| 2008-10-20 | CVE-2008-4609 | The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. | Bsd, Bsd_os, Catalyst_blade_switch_3020_firmware, Catalyst_blade_switch_3120_firmware, Catalyst_blade_switch_3120x_firmware, Ios, Dragonflybsd, Freebsd, Linux_kernel, Windows_2000, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp, Midnightbsd, Netbsd, Openbsd, Solaris, Trustedbsd | N/A | ||
| 1997-10-02 | CVE-1999-0061 | File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). | Bsd_os, Freebsd, Linux_kernel, Openbsd | N/A | ||
| 1998-02-01 | CVE-1999-0304 | mmap function in BSD allows local attackers in the kmem group to modify memory through devices. | Bsd_os, Freebsd, Netbsd, Openbsd | N/A | ||
| 1998-05-21 | CVE-1999-0303 | Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. | Osf_1, Netbsd, Openbsd, Solaris, Sunos | N/A | ||
| 1999-02-17 | CVE-1999-0396 | A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. | Netbsd, Openbsd | N/A | ||
| 2022-03-25 | CVE-2022-27881 | engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation. | Openbsd | 7.5 |