Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openbsd vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-5334
Off-by-one error in the OBJ_obj2txt function in LibreSSL prior to 2.3.1 allows remote malicious users to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerab...
Openbsd Libressl
Opensuse Opensuse 13.2
1 Article
7.5
CVSSv3
CVE-2012-5663
The isearch package (textproc/isearch) prior to 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).
Openbsd Textproc\\/isearch
7.8
CVSSv3
CVE-2019-19726
OpenBSD up to and including 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries ...
Openbsd Openbsd
1 Article
7.4
CVSSv3
CVE-2019-14899
A vulnerability exists in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence...
Freebsd Freebsd -
Linux Linux Kernel -
Openbsd Openbsd -
Apple Mac Os X
Apple Tvos
Apple Iphone Os
Apple Ipados
Apple Macos 11.0
4 Github repositories
1 Article
9.8
CVSSv3
CVE-2012-1577
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
Dietlibc Project Dietlibc -
Openbsd Openbsd -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2019-19521
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).
Openbsd Openbsd 6.6
1 Github repository
7.8
CVSSv3
CVE-2019-19519
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.
Openbsd Openbsd 6.6
7.8
CVSSv3
CVE-2019-19520
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.
Openbsd Openbsd 6.6
1 Github repository
7.8
CVSSv3
CVE-2019-19522
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned b...
Openbsd Openbsd 6.6
1 Github repository
9.8
CVSSv3
CVE-2019-15900
An issue exists in slicer69 doas prior to 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf fail...
Doas Project Doas
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »