# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2011-2895 |
119 |
|
Exec Code Overflow |
2011-08-19 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. |
2 |
CVE-2011-2168 |
189 |
|
Overflow |
2011-05-24 |
2011-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418. |
3 |
CVE-2009-0537 |
189 |
|
DoS Overflow |
2009-03-09 |
2018-10-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise. |
4 |
CVE-2008-4609 |
16 |
|
DoS |
2008-10-20 |
2021-07-07 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. |
5 |
CVE-2005-0740 |
|
|
DoS |
2005-01-13 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout. |
6 |
CVE-2003-1366 |
200 |
|
+Info |
2003-12-31 |
2017-07-29 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. |
7 |
CVE-2003-0466 |
|
|
Exec Code Overflow |
2003-08-27 |
2018-05-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. |
8 |
CVE-2003-0144 |
|
|
Overflow +Priv |
2003-03-31 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. |
9 |
CVE-2003-0028 |
|
|
Exec Code Overflow |
2003-03-25 |
2020-01-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. |
10 |
CVE-2002-2180 |
|
|
+Priv |
2002-12-31 |
2008-09-05 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error. |
11 |
CVE-2002-2092 |
|
|
+Priv |
2002-12-31 |
2017-12-19 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. |
12 |
CVE-2002-1915 |
|
|
DoS |
2002-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. |
13 |
CVE-2001-0554 |
120 |
|
Exec Code Overflow |
2001-08-14 |
2022-01-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. |
14 |
CVE-2001-0247 |
|
|
Exec Code Overflow |
2001-06-18 |
2020-01-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3. |
15 |
CVE-2001-0053 |
|
|
Overflow +Priv |
2001-02-12 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges. |
16 |
CVE-2000-1010 |
|
|
Exec Code |
2000-12-11 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters. |
17 |
CVE-2000-1004 |
|
|
Exec Code |
2000-12-11 |
2017-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters. |
18 |
CVE-2000-0997 |
|
|
+Priv |
2000-12-19 |
2018-05-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges. |
19 |
CVE-2000-0994 |
|
|
+Priv |
2000-12-19 |
2018-05-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable. |
20 |
CVE-2000-0993 |
|
|
+Priv |
2000-12-19 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd. |
21 |
CVE-2000-0914 |
|
|
DoS |
2000-12-19 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests. |
22 |
CVE-2000-0751 |
|
|
Exec Code |
2000-10-20 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands. |
23 |
CVE-2000-0750 |
|
|
Exec Code Overflow |
2000-10-20 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name. |
24 |
CVE-2000-0489 |
|
|
DoS |
1999-09-05 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers. |
25 |
CVE-2000-0312 |
|
|
+Priv |
2001-03-12 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function. |
26 |
CVE-1999-0727 |
|
|
|
1999-08-06 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. |
27 |
CVE-1999-0724 |
|
|
Overflow |
1999-08-12 |
2008-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function. |
28 |
CVE-1999-0703 |
|
|
|
1999-08-03 |
2008-09-09 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. |
29 |
CVE-1999-0674 |
|
|
|
1999-08-09 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. |