Vulnerabilities > Openbsd > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-06-25 | CVE-2002-0381 | The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. | 5.0 |
| 2001-12-31 | CVE-2001-1585 | Improper Authentication vulnerability in Openbsd Openssh 2.3.1 SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. | 6.8 |
| 2001-12-31 | CVE-2001-1559 | NULL Pointer Dereference vulnerability in Openbsd 2.9/3.0 The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference. | 5.5 |
| 2001-11-13 | CVE-2001-1415 | Local Security vulnerability in Openbsd 2.9/3.0 vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes. | 4.6 |
| 2001-09-27 | CVE-2001-1382 | Remote Security vulnerability in OpenSSH The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used. | 5.0 |
| 2001-08-17 | CVE-2001-1145 | Directory Traversal Race Condition vulnerability in Multiple BSD FTS fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories. | 6.2 |
| 2001-07-07 | CVE-2001-1244 | Denial of Service vulnerability in Multiple Vendor Small TCP MSS Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process. | 5.0 |
| 2001-06-27 | CVE-2001-0361 | Cryptographic Issues vulnerability in multiple products Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. | 4.0 |
| 2001-03-12 | CVE-2000-0313 | Unspecified vulnerability in Openbsd 2.6 Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations. | 4.6 |
| 2001-03-12 | CVE-2000-0310 | Unspecified vulnerability in Openbsd 2.4 IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets. | 5.0 |