Openbsd : Security Vulnerabilities, CVEs, Published In 2014
Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake.
Max CVSS
7.5
EPSS Score
0.34%
Published
2014-12-29
Updated
2014-12-30
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
Max CVSS
4.0
EPSS Score
0.24%
Published
2014-12-06
Updated
2017-09-08
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.
Max CVSS
5.0
EPSS Score
0.46%
Published
2014-12-12
Updated
2014-12-12
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
Max CVSS
5.8
EPSS Score
0.60%
Published
2014-03-27
Updated
2017-01-07
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
Max CVSS
5.8
EPSS Score
0.30%
Published
2014-03-18
Updated
2018-07-19
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.
Max CVSS
7.5
EPSS Score
4.27%
Published
2014-01-29
Updated
2023-02-13
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.
Max CVSS
5.0
EPSS Score
0.89%
Published
2014-05-27
Updated
2017-08-29
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-02-03
Updated
2014-02-21
8 vulnerabilities found