Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openbsd vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2015-5334
Off-by-one error in the OBJ_obj2txt function in LibreSSL prior to 2.3.1 allows remote malicious users to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerab...
Openbsd Libressl
Opensuse Opensuse 13.2
1 Article
5
CVSSv2
CVE-2012-5663
The isearch package (textproc/isearch) prior to 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).
Openbsd Textproc\\/isearch
7.2
CVSSv2
CVE-2019-19726
OpenBSD up to and including 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries ...
Openbsd Openbsd
1 Article
4.9
CVSSv2
CVE-2019-14899
A vulnerability exists in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence...
Freebsd Freebsd -
Linux Linux Kernel -
Openbsd Openbsd -
Apple Mac Os X
Apple Tvos
Apple Iphone Os
Apple Ipados
Apple Macos 11.0
4 Github repositories
1 Article
7.5
CVSSv2
CVE-2012-1577
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
Dietlibc Project Dietlibc -
Openbsd Openbsd -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.6
CVSSv2
CVE-2019-19519
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.
Openbsd Openbsd 6.6
4.6
CVSSv2
CVE-2019-19520
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.
Openbsd Openbsd 6.6
1 Github repository
7.5
CVSSv2
CVE-2019-19521
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).
Openbsd Openbsd 6.6
1 Github repository
7.2
CVSSv2
CVE-2019-19522
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned b...
Openbsd Openbsd 6.6
1 Github repository
9
CVSSv2
CVE-2019-15901
An issue exists in slicer69 doas prior to 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted...
Doas Project Doas
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »