Vulnerabilities > Openbsd

DATE CVE VULNERABILITY TITLE RISK
2020-01-29 CVE-2020-7247 Improper Handling of Exceptional Conditions vulnerability in multiple products
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field.
network
low complexity
openbsd debian fedoraproject canonical CWE-755
critical
9.8
2020-01-23 CVE-2015-5333 Resource Exhaustion vulnerability in multiple products
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.
network
low complexity
openbsd opensuse CWE-400
7.5
2020-01-23 CVE-2015-5334 Out-of-bounds Write vulnerability in multiple products
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow.
network
low complexity
openbsd opensuse CWE-787
critical
9.8
2019-12-30 CVE-2012-5663 Incomplete Cleanup vulnerability in Openbsd Textproc/Isearch
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).
network
low complexity
openbsd CWE-459
7.5
2019-12-12 CVE-2019-19726 Improper Privilege Management vulnerability in Openbsd
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit.
local
low complexity
openbsd CWE-269
7.8
2019-12-11 CVE-2019-14899 A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream.
low complexity
freebsd linux openbsd apple
7.4
2019-12-10 CVE-2012-1577 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in multiple products
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
network
low complexity
openbsd dietlibc-project debian CWE-335
critical
9.8
2019-12-05 CVE-2019-19522 Incorrect Permission Assignment for Critical Resource vulnerability in Openbsd 6.6
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group.
local
low complexity
openbsd CWE-732
7.8
2019-12-05 CVE-2019-19521 Improper Authentication vulnerability in Openbsd 6.6
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd.
network
low complexity
openbsd CWE-287
critical
9.8
2019-12-05 CVE-2019-19520 Incorrect Authorization vulnerability in Openbsd 6.6
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.
local
low complexity
openbsd CWE-863
7.8