OpenBSD: Security Vulnerabilities, CVEs, CVSS score between 7 and 7.99
The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 1998-08-03; Updated: 2008-09-09
mmap function in BSD allows local attackers in the kmem group to modify memory through devices.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 1998-02-01; Updated: 2022-08-17
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 1999-08-09; Updated: 2018-10-30
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2001-03-12; Updated: 2008-09-05
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.
Max CVSS: 7.5; EPSS Score: 0.89%; Published: 2000-10-20; Updated: 2008-09-10
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
Max CVSS: 7.5; EPSS Score: 9.15%; Published: 2000-10-20; Updated: 2008-09-05
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2000-12-19; Updated: 2017-10-10
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2000-12-19; Updated: 2018-05-03
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges via a malformed name.
Max CVSS: 7.2; EPSS Score: 0.06%; Published: 2000-12-19; Updated: 2018-05-03
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.
Max CVSS: 7.2; EPSS Score: 0.05%; Published: 2000-12-19; Updated: 2018-05-03
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allow local attackers to gain root privileges.
Max CVSS: 7.2; EPSS Score: 0.05%; Published: 2000-12-19; Updated: 2018-05-03
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
Max CVSS: 7.5; EPSS Score: 0.71%; Published: 2001-01-09; Updated: 2017-10-10
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
Max CVSS: 7.2; EPSS Score: 0.06%; Published: 2002-08-12; Updated: 2016-10-18
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.
Max CVSS: 7.2; EPSS Score: 0.06%; Published: 2001-05-03; Updated: 2017-10-10
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.
Max CVSS: 7.5; EPSS Score: 2.58%; Published: 2001-06-18; Updated: 2017-10-10
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
Max CVSS: 7.2; EPSS Score: 0.06%; Published: 2001-08-14; Updated: 2017-10-10
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.
Max CVSS: 7.5; EPSS Score: 1.61%; Published: 2001-08-22; Updated: 2008-09-05
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
Max CVSS: 7.5; EPSS Score: 19.92%; Published: 2001-10-03; Updated: 2017-10-10
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
Max CVSS: 7.5; EPSS Score: 0.49%; Published: 2001-12-06; Updated: 2017-10-10
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
Max CVSS: 7.2; EPSS Score: 0.50%; Published: 2001-12-21; Updated: 2018-05-03
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.
Max CVSS: 7.5; EPSS Score: 2.48%; Published: 2001-10-18; Updated: 2018-05-03
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
Max CVSS: 7.5; EPSS Score: 0.20%; Published: 2001-06-19; Updated: 2017-07-11
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
Max CVSS: 7.5; EPSS Score: 3.00%; Published: 2001-12-31; Updated: 2008-09-10
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems do not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
Max CVSS: 7.5; EPSS Score: 0.45%; Published: 2002-08-12; Updated: 2008-09-05
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2002-07-03; Updated: 2016-10-18