Vulnerabilities > Openbsd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-26 | CVE-2021-41617 | Improper Privilege Management vulnerability in multiple products sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. | 4.4 |
| 2021-09-24 | CVE-2021-41581 | Out-of-bounds Read vulnerability in Openbsd Libressl x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. | 4.3 |
| 2021-09-15 | CVE-2016-20012 | Unspecified vulnerability in Openbsd Openssh OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. network openbsd | 4.3 |
| 2021-07-01 | CVE-2019-25048 | Out-of-bounds Read vulnerability in Openbsd Libressl LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). | 5.8 |
| 2021-07-01 | CVE-2019-25049 | Out-of-bounds Read vulnerability in Openbsd Libressl LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). | 5.8 |
| 2021-06-22 | CVE-2010-4816 | NULL Pointer Dereference vulnerability in Openbsd It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service. | 5.0 |
| 2021-05-11 | CVE-2020-26142 | Injection vulnerability in Openbsd 6.6 An issue was discovered in the kernel in OpenBSD 6.6. | 2.6 |
| 2021-03-05 | CVE-2021-28041 | Double Free vulnerability in multiple products ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. | 4.6 |
| 2020-07-28 | CVE-2020-16088 | Authorization Bypass Through User-Controlled Key vulnerability in Openbsd iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches. | 7.5 |
| 2020-07-24 | CVE-2020-15778 | OS Command Injection vulnerability in multiple products ** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. | 6.8 |