Vulnerabilities > Openbsd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-12-31 | CVE-2001-1559 | NULL Pointer Dereference vulnerability in Openbsd 2.9/3.0 The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference. | 5.5 |
| 2001-12-31 | CVE-2001-1507 | Unspecified vulnerability in Openbsd Openssh 3.0/3.0P1 OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged. | 7.5 |
| 2001-12-21 | CVE-2001-0872 | OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. | 7.2 |
| 2001-12-06 | CVE-2001-0816 | Unspecified vulnerability in Openbsd Openssh OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands. | 7.5 |
| 2001-11-13 | CVE-2001-1415 | Local Security vulnerability in Openbsd 2.9/3.0 vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes. | 4.6 |
| 2001-10-18 | CVE-2001-1380 | Unspecified vulnerability in Openbsd Openssh OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses. | 7.5 |
| 2001-10-03 | CVE-2001-0670 | Buffer Overflow vulnerability in Multiple BSD Vendor lpd Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue. | 7.5 |
| 2001-09-27 | CVE-2001-1382 | Remote Security vulnerability in OpenSSH The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used. | 5.0 |
| 2001-09-20 | CVE-2001-1029 | libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. | 2.1 |
| 2001-08-22 | CVE-2001-0572 | The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. | 7.5 |