Openbsd : Security Vulnerabilities, CVEs, CVSS score between 1 and 1.99
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
Max CVSS
1.9
EPSS Score
0.04%
Published
2015-08-24
Updated
2022-12-13
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
Max CVSS
1.2
EPSS Score
0.04%
Published
2001-06-02
Updated
2017-12-19
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
Max CVSS
1.2
EPSS Score
0.07%
Published
2005-08-23
Updated
2017-10-11
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
Max CVSS
1.2
EPSS Score
0.04%
Published
2008-07-22
Updated
2017-08-08
4 vulnerabilities found