Vulnerabilities > Openbsd

DATE CVE VULNERABILITY TITLE RISK
2018-08-17 CVE-2018-15473 Race Condition vulnerability in multiple products
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
5.3
2018-08-01 CVE-2018-14775 Improper Input Validation vulnerability in Openbsd 6.2/6.3
tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture.
local
low complexity
openbsd CWE-20
5.5
2018-06-15 CVE-2018-12434 Information Exposure vulnerability in Openbsd Libressl
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP.
local
high complexity
openbsd CWE-200
4.7
2018-03-24 CVE-2018-8970 Improper Certificate Validation vulnerability in Openbsd Libressl 2.7.0
The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
openbsd CWE-295
7.4
2018-01-21 CVE-2016-10708 NULL Pointer Dereference vulnerability in multiple products
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
network
low complexity
openbsd debian canonical netapp CWE-476
7.5
2017-10-26 CVE-2017-15906 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
network
low complexity
openbsd oracle debian netapp redhat CWE-732
5.3
2017-10-16 CVE-2015-7687 Use After Free vulnerability in multiple products
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
network
low complexity
openbsd fedoraproject CWE-416
critical
9.8
2017-06-19 CVE-2017-1000373 Resource Exhaustion vulnerability in Openbsd
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times.
network
low complexity
openbsd CWE-400
6.5
2017-06-19 CVE-2017-1000372 Unspecified vulnerability in Openbsd
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at.
network
low complexity
openbsd
critical
9.8
2017-04-27 CVE-2017-8301 Improper Certificate Validation vulnerability in Openbsd Libressl 2.5.1/2.5.2/2.5.3
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
network
high complexity
openbsd CWE-295
5.3