| 2023-04-04 | CVE-2023-29323 | ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address. | 7.8 |
| 2023-03-17 | CVE-2023-28531 | ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. | 9.8 |
| 2023-03-03 | CVE-2023-27567 | Unspecified vulnerability in Openbsd 7.2
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. | 7.5 |
| 2023-02-03 | CVE-2023-25136 | Double Free vulnerability in multiple products
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. | 6.5 |
| 2022-03-25 | CVE-2022-27881 | Classic Buffer Overflow vulnerability in Openbsd 6.9/7.0
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. | 7.5 |
| 2022-03-25 | CVE-2022-27882 | Incorrect Conversion between Numeric Types vulnerability in Openbsd 6.9/7.0
slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. | 7.5 |
| 2022-03-13 | CVE-2021-36368 | Improper Authentication vulnerability in multiple products
An issue was discovered in OpenSSH before 8.9. | 3.7 |
| 2021-09-26 | CVE-2021-41617 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. | 7.0 |
| 2021-09-24 | CVE-2021-41581 | Out-of-bounds Read vulnerability in Openbsd Libressl
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. | 5.5 |
| 2021-09-15 | CVE-2016-20012 | OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. | 5.3 |