Export limit exceeded: 363807 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (357 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4548 1 Openbsd 1 Openssh 2025-04-11 N/A
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
CVE-2011-2895 6 Freebsd, Freetype, Netbsd and 3 more 7 Freebsd, Freetype, Netbsd and 4 more 2025-04-11 N/A
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
CVE-2011-5000 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2025-04-11 N/A
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
CVE-2010-4754 4 Apple, Freebsd, Netbsd and 1 more 4 Mac Os X, Freebsd, Netbsd and 1 more 2025-04-11 N/A
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
CVE-2023-27567 1 Openbsd 1 Openbsd 2025-03-06 7.5 High
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.
CVE-2022-48437 1 Openbsd 2 Libressl, Openbsd 2025-02-10 5.3 Medium
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.
CVE-2021-46880 1 Openbsd 2 Libressl, Openbsd 2025-02-07 9.8 Critical
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
CVE-2023-35784 1 Openbsd 2 Libressl, Openbsd 2024-12-17 9.8 Critical
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
CVE-2023-40216 1 Openbsd 1 Openbsd 2024-11-21 5.5 Medium
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences.
CVE-2023-38408 3 Fedoraproject, Openbsd, Redhat 9 Fedora, Openssh, Devworkspace and 6 more 2024-11-21 9.8 Critical
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
CVE-2023-38283 3 Bgp, Openbgpd, Openbsd 3 Openbgpd, Openbgpd, Openbsd 2024-11-21 5.3 Medium
In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.
CVE-2022-27882 1 Openbsd 1 Openbsd 2024-11-21 7.5 High
slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation.
CVE-2022-27881 1 Openbsd 1 Openbsd 2024-11-21 7.5 High
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation.
CVE-2021-41581 1 Openbsd 1 Libressl 2024-11-21 5.5 Medium
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.
CVE-2021-28041 4 Fedoraproject, Netapp, Openbsd and 1 more 11 Fedora, Cloud Backup, Hci Compute Node and 8 more 2024-11-21 7.1 High
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2020-26142 1 Openbsd 1 Openbsd 2024-11-21 5.3 Medium
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.
CVE-2020-16088 1 Openbsd 1 Openbsd 2024-11-21 9.8 Critical
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
CVE-2020-12062 1 Openbsd 1 Openssh 2024-11-21 7.5 High
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances.
CVE-2019-8460 1 Openbsd 1 Openbsd 2024-11-21 7.5 High
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.
CVE-2019-6724 4 Apple, Barracuda, Linux and 1 more 4 Mac Os X, Vpn Client, Linux Kernel and 1 more 2024-11-21 N/A
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.