Vulnerabilities > Openbsd > Openbsd > 3.0

DATE CVE VULNERABILITY TITLE RISK
2023-04-15 CVE-2021-46880 Improper Certificate Validation vulnerability in Openbsd
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
network
low complexity
openbsd CWE-295
critical
9.8
2023-04-12 CVE-2022-48437 Improper Certificate Validation vulnerability in Openbsd
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001.
network
low complexity
openbsd CWE-295
5.3
2020-07-28 CVE-2020-16088 Improper Authentication vulnerability in Openbsd
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
network
low complexity
openbsd CWE-287
7.5
2019-12-12 CVE-2019-19726 Improper Privilege Management vulnerability in Openbsd
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit.
local
low complexity
openbsd CWE-269
7.8
2019-08-26 CVE-2019-8460 Unspecified vulnerability in Openbsd
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.
network
low complexity
openbsd
5.0
2017-06-19 CVE-2017-1000373 Resource Exhaustion vulnerability in Openbsd
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times.
network
low complexity
openbsd CWE-400
6.4
2017-06-19 CVE-2017-1000372 Security Bypass vulnerability in OpenBSD
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at.
network
low complexity
openbsd
7.5
2011-08-19 CVE-2011-2895 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
network
freetype x freebsd netbsd openbsd CWE-119
critical
9.3
2008-03-04 CVE-2008-1148 A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. 6.8
2008-03-04 CVE-2008-1146 A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. 6.8