Vulnerabilities > Openbsd > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-6387 Race Condition vulnerability in multiple products
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd).
8.1
2023-12-24 CVE-2023-51767 OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit.
local
high complexity
openbsd fedoraproject redhat
7.0
2023-04-04 CVE-2023-29323 ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
local
low complexity
openbsd opensmtpd
7.8
2023-03-03 CVE-2023-27567 Unspecified vulnerability in Openbsd 7.2
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.
network
low complexity
openbsd
7.5
2022-03-25 CVE-2022-27881 Classic Buffer Overflow vulnerability in Openbsd 6.9/7.0
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers.
network
low complexity
openbsd CWE-120
7.5
2022-03-25 CVE-2022-27882 Incorrect Conversion between Numeric Types vulnerability in Openbsd 6.9/7.0
slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement.
network
low complexity
openbsd CWE-681
7.5
2021-09-26 CVE-2021-41617 sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. 7.0
2021-07-01 CVE-2019-25048 Out-of-bounds Read vulnerability in Openbsd Libressl
LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).
local
low complexity
openbsd CWE-125
7.1
2021-07-01 CVE-2019-25049 Out-of-bounds Read vulnerability in Openbsd Libressl
LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).
local
low complexity
openbsd CWE-125
7.1
2021-06-22 CVE-2010-4816 Unspecified vulnerability in Openbsd
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.
network
low complexity
openbsd
7.5