DATE CVE VULNERABILITY TITLE RISK
2023-08-10 CVE-2023-40216 Missing Authorization vulnerability in OpenBSD 7.3
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation.
local
low complexity
openbsd CWE-862
5.5
2023-06-16 CVE-2023-35784 Use After Free vulnerability in OpenBSD LibreSSL and OpenBSD
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3.
network
low complexity
openbsd CWE-416
critical
9.8
2023-04-15 CVE-2021-46880 Improper Certificate Validation vulnerability in OpenBSD
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
network
low complexity
openbsd CWE-295
critical
9.8
2023-04-12 CVE-2022-48437 Improper Certificate Validation vulnerability in OpenBSD
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001.
network
low complexity
openbsd CWE-295
5.3
2023-04-04 CVE-2023-29323
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
local
low complexity
openbsd opensmtpd
7.8
2023-03-03 CVE-2023-27567 Unspecified vulnerability in OpenBSD 7.2
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.
network
low complexity
openbsd
7.5
2022-03-25 CVE-2022-27881 Classic Buffer Overflow vulnerability in OpenBSD 6.9/7.0
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers.
network
low complexity
openbsd CWE-120
5.0
2022-03-25 CVE-2022-27882 Incorrect Conversion between Numeric Types vulnerability in OpenBSD 6.9/7.0
slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement.
network
low complexity
openbsd CWE-681
5.0
2021-06-22 CVE-2010-4816 NULL Pointer Dereference vulnerability in OpenBSD
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.
network
low complexity
openbsd CWE-476
5.0
2021-05-11 CVE-2020-26142 Injection vulnerability in OpenBSD 6.6
An issue was discovered in the kernel in OpenBSD 6.6.
network
high complexity
openbsd CWE-74
2.6