Vulnerabilities > Openbsd > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-27 CVE-2017-8301 Improper Certificate Validation vulnerability in Openbsd Libressl 2.5.1/2.5.2/2.5.3
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
network
high complexity
openbsd CWE-295
5.3
2017-03-07 CVE-2016-6522 Integer Overflow or Wraparound vulnerability in Openbsd 5.9
Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.
local
low complexity
openbsd CWE-190
5.5
2017-03-07 CVE-2016-6350 NULL Pointer Dereference vulnerability in Openbsd 5.8/5.9
OpenBSD 5.8 and 5.9 allow local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.
local
low complexity
openbsd CWE-476
5.5
2017-03-07 CVE-2016-6247 Improper Input Validation vulnerability in Openbsd 5.8/5.9
OpenBSD 5.8 and 5.9 allow certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist.
local
low complexity
openbsd CWE-20
5.5
2017-03-07 CVE-2016-6246 Improper Input Validation vulnerability in Openbsd 5.8/5.9
OpenBSD 5.8 and 5.9 allow certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.
local
low complexity
openbsd CWE-20
4.4
2017-03-07 CVE-2016-6245 Unspecified vulnerability in Openbsd 5.8/5.9
OpenBSD 5.8 and 5.9 allow local users to cause a denial of service (kernel panic) via a large size in a getdents system call.
local
low complexity
openbsd
5.5
2017-03-07 CVE-2016-6243 Improper Input Validation vulnerability in Openbsd 5.8/5.9
thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.
local
low complexity
openbsd CWE-20
5.5
2017-03-07 CVE-2016-6242 Numeric Errors vulnerability in Openbsd 5.8/5.9
OpenBSD 5.8 and 5.9 allow local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.
local
low complexity
openbsd CWE-189
5.5
2017-03-07 CVE-2016-6239 Improper Input Validation vulnerability in Openbsd 5.8/5.9
The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.
local
low complexity
openbsd CWE-20
5.5
2017-02-13 CVE-2016-6210 Information Exposure vulnerability in Openbsd Openssh
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
network
high complexity
openbsd CWE-200
5.9