Latest openbsd openbsd Vulnerabilities

CVE-2023-38283
In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed i...
Openbgpd Openbgpd<8.1
Openbsd Openbsd<7.3
Openbsd Openbsd=7.3
Openbsd Openbsd=7.3-errata_001
Openbsd Openbsd=7.3-errata_002
Openbsd Openbsd=7.3-errata_003
and 2 more
CVE-2023-40216
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI te...
Openbsd Openbsd=7.3
Openbsd Openbsd=7.3-errata_001
Openbsd Openbsd=7.3-errata_002
Openbsd Openbsd=7.3-errata_003
Openbsd Openbsd=7.3-errata_004
Openbsd Openbsd=7.3-errata_005
and 8 more
CVE-2023-35784
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affect...
Openbsd Libressl<3.6.3
Openbsd Libressl>=3.7.0<3.7.3
Openbsd Openbsd=7.2
Openbsd Openbsd=7.3
CVE-2021-46880
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
Openbsd Libressl<3.4.2
Openbsd Openbsd<7.0
CVE-2022-48437
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verific...
Openbsd Libressl<3.6.1
Openbsd Openbsd<7.2
CVE-2023-29323
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped I...
Opensmtpd Opensmtpd<7.0.0
Openbsd Openbsd=7.1
Openbsd Openbsd=7.2
CVE-2023-27567
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.
Openbsd Openbsd=7.2
CVE-2022-27882
Openbsd Openbsd=6.9
Openbsd Openbsd=7.0
CVE-2022-27881
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge ca...
Openbsd Openbsd=6.9
Openbsd Openbsd=7.0
CVE-2010-4816
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.
Openbsd Openbsd=4.6
Openbsd Openbsd=6.3
Openbsd Openbsd=4.9
Openbsd Openbsd=8.0
CVE-2020-26142
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packe...
Openbsd Openbsd=6.6
CVE-2020-16088
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
Openbsd Openbsd<=6.7
CVE-2011-3336
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
FreeBSD FreeBSD=8.2
Apple Mac OS X>=10.6.0<=10.7.2
Openbsd Openbsd=5.0
PHP PHP>=5.3.0<=5.3.10
CVE-2019-19726
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chp...
Openbsd Openbsd<=6.6
CVE-2019-14899
Kernel. A routing issue was addressed with improved restrictions.
Apple macOS Catalina<10.15.6
Apple Mojave
Apple High Sierra
Apple tvOS<13.4.8
Apple iOS<13.6
Apple iPadOS<13.6
and 11 more
CVE-2012-1577
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
debian/dietlibc
Dietlibc Project Dietlibc
Openbsd Openbsd
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2019-19521
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login...
Openbsd Openbsd=6.6
CVE-2019-19519
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.
Openbsd Openbsd=6.6
CVE-2019-19520
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...
Openbsd Openbsd=6.6
CVE-2019-19522
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's f...
Openbsd Openbsd=6.6
CVE-2019-8460
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of s...
Openbsd Openbsd<=6.5
CVE-2019-6724
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malici...
Barracuda VPN Client<5.0.2.7
Apple Mac OS X
Linux Linux kernel
Openbsd Openbsd
CVE-2018-14775
tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture.
Openbsd Openbsd=6.2
Openbsd Openbsd=6.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203