Vulnerabilities > Openbsd

DATE CVE VULNERABILITY TITLE RISK
2021-07-01 CVE-2019-25048 Out-Of-Bounds Read vulnerability in Openbsd Libressl
LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).
network
openbsd CWE-125
5.8
2021-07-01 CVE-2019-25049 Out-Of-Bounds Read vulnerability in Openbsd Libressl
LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).
network
openbsd CWE-125
5.8
2021-06-22 CVE-2010-4816 Null Pointer Dereference vulnerability in Openbsd
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.
network
low complexity
openbsd CWE-476
5.0
2021-05-11 CVE-2020-26142 Injection vulnerability in Openbsd 6.6
An issue was discovered in the kernel in OpenBSD 6.6.
network
low complexity
openbsd CWE-74
5.0
2021-03-05 CVE-2021-28041 Double Free vulnerability in multiple products
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
network
high complexity
openbsd fedoraproject netapp CWE-415
4.6
2020-07-28 CVE-2020-16088 Authorization Bypass Through User-Controlled KEY vulnerability in Openbsd
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
network
low complexity
openbsd CWE-639
7.5
2020-07-24 CVE-2020-15778 OS Command Injection vulnerability in multiple products
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument.
6.8
2020-06-29 CVE-2020-14145 Information Exposure vulnerability in multiple products
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation.
4.3
2020-06-01 CVE-2020-12062 Improper Input Validation vulnerability in Openbsd Openssh 8.2
** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server.
network
low complexity
openbsd CWE-20
5.0
2020-02-12 CVE-2011-3336 Resource Exhaustion vulnerability in multiple products
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
network
low complexity
php apple freebsd openbsd CWE-400
7.8