MidnightBSD

Advisories for openbsd

CVE-1999-0001 MEDIUM

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 3.0
freebsd freebsd 2.2.3
openbsd openbsd 2.4
freebsd freebsd 1.0
freebsd freebsd 2.2.4
openbsd openbsd 2.3
freebsd freebsd 2.1.7.1
freebsd freebsd 2.1.6
freebsd freebsd 2.2.8
freebsd freebsd 2.0.1
freebsd freebsd 1.1
freebsd freebsd 2.1.5
bsdi bsd_os 3.1
freebsd freebsd 2.1.6.1
freebsd freebsd 2.2.2
freebsd freebsd 2.2.5
freebsd freebsd 2.0
freebsd freebsd 1.1.5.1
freebsd freebsd 2.2.6
freebsd freebsd 2.1.7
freebsd freebsd 2.0.5
freebsd freebsd 1.2
freebsd freebsd 2.2
CVE-1999-0052 MEDIUM

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,CWE-476,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 2.3
freebsd freebsd 2.1.7.1
bsdi bsd_os 4.0
openbsd openbsd 2.2
freebsd freebsd 2.1.6
freebsd freebsd 2.2.8
freebsd freebsd 2.1.5
freebsd freebsd 2.2.2
freebsd freebsd 2.0
freebsd freebsd 1.1.5.1
freebsd freebsd 2.1.0
freebsd freebsd 2.0.5
CVE-1999-0061 MEDIUM

File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.20.1
freebsd freebsd 6.2
openbsd openbsd 2.1
bsdi bsd_os *
CVE-1999-0062 HIGH

The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.3
CVE-1999-0303 MEDIUM

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.2
netbsd netbsd 1.3
sun sunos 4.1.3
sun sunos 5.3
sun sunos 5.1
netbsd netbsd 1.3.1
openbsd openbsd 2.2
sun solaris *
sun solaris 2.5
sun sunos 5.5.1
sun sunos 5.5
sun solaris 1.1.3
sun solaris 1.1.4
digital osf_1 1.1
sun sunos 4.1.4
sun solaris 2.4
sun sunos 5.0
openbsd openbsd 2.1
sun sunos -
sun sunos 5.4
CVE-1999-0304 HIGH

mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bsdi bsd_os 3.0
netbsd netbsd 2.0.4
openbsd openbsd 2.2
freebsd freebsd 2.2
CVE-1999-0305 MEDIUM

The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.2.5
openbsd openbsd 2.0
openbsd openbsd 2.2
openbsd openbsd 2.1
bsdi bsd_os *
freebsd freebsd 2.2
CVE-1999-0323 HIGH

FreeBSD mmap function allows users to modify append-only or immutable files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bsdi bsd_os 3.0
netbsd netbsd 2.0.4
openbsd openbsd 2.2
freebsd freebsd 2.2
CVE-1999-0396 LOW

A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
netbsd netbsd 2.0.4
CVE-1999-0481 MEDIUM

Denial of service in "poll" in OpenBSD.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
CVE-1999-0482 MEDIUM

OpenBSD kernel crash through TSS handling, as caused by the crashme program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-1999-0483 LOW

OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-1999-0484 LOW

Buffer overflow in OpenBSD ping.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-1999-0485 LOW

Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
CVE-1999-0674 HIGH

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
sun sunos 5.2
netbsd netbsd 1.3.1
openbsd openbsd 2.3
openbsd openbsd 2.2
netbsd netbsd 1.3.2
openbsd openbsd 2.0
netbsd netbsd 1.1
sun solaris 7.0
openbsd openbsd 2.1
netbsd netbsd 1.3
netbsd netbsd 1.0
sun sunos 5.3
sun sunos 5.1
sun solaris 2.5
sun sunos 5.5.1
sun solaris 2.6
sun sunos 5.7
sun sunos 5.5
netbsd netbsd 1.2
openbsd openbsd 2.5
netbsd netbsd 1.2.1
netbsd netbsd 1.4
sun solaris 2.4
netbsd netbsd 1.3.3
sun sunos -
sun sunos 5.4
CVE-1999-0703 LOW

OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bsdi bsd_os 3.2
freebsd freebsd 3.2
openbsd openbsd 2.5
CVE-1999-0724 MEDIUM

Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.5
CVE-1999-0727 MEDIUM

A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.5
CVE-1999-0798 HIGH

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
sco internet_faststart *
sco unixware 7.0.1
sco unixware 7.0
openbsd openbsd 2.3
redhat linux *
freebsd freebsd 6.2
bsdi bsd_os *
sco openserver *
CVE-1999-1010 LOW

An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 1.2.27
CVE-1999-1214 LOW

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
bsd bsd 4.4
bsd bsd *
freebsd freebsd 6.2
sgi irix *
netbsd netbsd 2.0.4
openbsd openbsd 2.1
CVE-1999-1225 MEDIUM

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.20.1
netbsd netbsd 2.0.4
digital ultrix *
sun solaris *
openbsd openbsd *
CVE-2000-0092 MEDIUM

The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.4
openbsd openbsd 2.6
netbsd netbsd 1.4.1
CVE-2000-0143 MEDIUM

The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ssh ssh 1.2.10
ssh ssh 1.2.11
ssh ssh 1.2.18
ssh ssh 1.2.8
ssh ssh 1.2.17
ssh ssh 1.2.13
ssh ssh 1.2.24
ssh ssh 1.2.0
ssh ssh 1.2.14
ssh ssh 1.2.26
ssh ssh 1.2.4
ssh ssh 1.2.12
ssh ssh 1.2.2
ssh ssh 1.2.21
ssh ssh 1.2.7
ssh ssh 1.2.15
ssh ssh 1.2.27
ssh ssh 1.2.25
ssh ssh 1.2.5
openbsd openssh 1.2
openbsd openssh *
ssh ssh 1.2.20
ssh ssh 1.2.9
ssh ssh 1.2.6
ssh ssh 1.2.19
ssh ssh 1.2.1
ssh ssh 1.2.22
ssh ssh 1.2.23
ssh ssh 1.2.16
ssh ssh 1.2.3
CVE-2000-0217 MEDIUM

The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ssh ssh 1.2.10
ssh ssh 1.2.11
ssh ssh 1.2.18
ssh ssh2 2.0.11
ssh ssh 1.2.8
ssh ssh2 2.0.2
ssh ssh 1.2.31
ssh ssh 1.2.17
ssh ssh 1.2.13
ssh ssh 1.2.24
ssh ssh 1.2.0
ssh ssh 1.2.14
ssh ssh 1.2.26
ssh ssh 1.2.30
ssh ssh2 2.0.1
ssh ssh 1.2.4
ssh ssh2 2.0.8
ssh ssh2 2.0.4
ssh ssh 1.2.12
ssh ssh2 2.0.10
ssh ssh 1.2.2
ssh ssh2 2.0.3
ssh ssh 1.2.21
ssh ssh 1.2.7
ssh ssh 1.2.15
ssh ssh 1.2.27
ssh ssh 1.2.25
ssh ssh 1.2.5
openbsd openssh 1.2
ssh ssh 1.2.20
ssh ssh 1.2.9
ssh ssh 1.2.28
ssh ssh2 2.0
ssh ssh 1.2.6
ssh ssh2 2.0.6
ssh ssh2 2.0.5
ssh ssh2 2.0.7
ssh ssh 1.2.29
ssh ssh 1.2.19
ssh ssh 1.2.1
ssh ssh 1.2.22
ssh ssh2 2.0.12
ssh ssh 1.2.23
ssh ssh 1.2.16
ssh ssh 1.2.3
ssh ssh2 2.0.9
CVE-2000-0309 LOW

The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
CVE-2000-0310 MEDIUM

IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
CVE-2000-0312 HIGH

cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.5
CVE-2000-0313 MEDIUM

Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.6
CVE-2000-0489 LOW

FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.0
freebsd freebsd 3.1
freebsd freebsd 5.0
freebsd freebsd 3.3
freebsd freebsd 4.0
openbsd openbsd 2.5
freebsd freebsd 3.5
freebsd freebsd 3.4
openbsd openbsd 2.6
netbsd netbsd 1.4
freebsd freebsd 3.2
netbsd netbsd 1.4.2
openbsd openbsd 2.7
netbsd netbsd 1.4.1
CVE-2000-0525 HIGH

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 1.2
openbsd openssh 2.1
openbsd openssh 1.2.3
CVE-2000-0574 MEDIUM

FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
washington_university wu-ftpd 2.4.2_beta18_vr12
openbsd ftpd 5.51
washington_university wu-ftpd 2.4.2_beta1
washington_university wu-ftpd 2.4.2_beta18_vr9
washington_university wu-ftpd 2.4.2_beta18_vr6
washington_university wu-ftpd 2.4.2_beta18_vr15
washington_university wu-ftpd 2.4.2_beta18_vr13
openbsd ftpd 5.60
washington_university wu-ftpd 2.4.2_beta18_vr7
washington_university wu-ftpd 2.6
washington_university wu-ftpd 2.4.2_beta18_vr8
washington_university wu-ftpd 2.4.2_beta18_vr4
washington_university wu-ftpd 2.5
washington_university wu-ftpd 2.4.2_beta18
washington_university wu-ftpd 2.4.2_beta18_vr5
washington_university wu-ftpd 2.4.2_vr17
washington_university wu-ftpd 2.4.2_beta18_vr10
washington_university wu-ftpd 2.4.2_beta18_vr11
washington_university wu-ftpd 2.4.2_vr16
washington_university wu-ftpd 2.4.2_beta18_vr14
CVE-2000-0750 HIGH

Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.1
openbsd openbsd 2.4
openbsd openbsd 2.6
netbsd netbsd 1.4.2
openbsd openbsd 2.7
redhat linux 6.2
openbsd openbsd 2.5
redhat linux 6.0
netbsd netbsd 1.4.1
CVE-2000-0751 HIGH

mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 6.1
openbsd openbsd 2.4
openbsd openbsd 2.6
netbsd netbsd 1.4.2
openbsd openbsd 2.7
redhat linux 6.2
openbsd openbsd 2.5
redhat linux 6.0
netbsd netbsd 1.4.1
CVE-2000-0914 MEDIUM

OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 2.0
openbsd openbsd 2.6
openbsd openbsd 2.3
openbsd openbsd 2.2
openbsd openbsd 2.1
openbsd openbsd 2.5
CVE-2000-0962 MEDIUM

The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.7
CVE-2000-0992 MEDIUM

Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ssh ssh 1.2.25
ssh ssh 1.2.18
openbsd openssh 1.2
ssh ssh 1.2.20
ssh ssh 1.2.31
ssh ssh 1.2.17
ssh ssh 1.2.28
ssh ssh 1.2.24
ssh ssh 1.2.14
ssh ssh 1.2.26
openbsd openssh 1.2.3
ssh ssh 1.2.30
ssh ssh 1.2.29
ssh ssh 1.2.19
ssh ssh 1.2.22
ssh ssh 1.2.23
ssh ssh 1.2.21
ssh ssh 1.2.15
ssh ssh 1.2.16
ssh ssh 1.2.27
CVE-2000-0993 HIGH

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 2.3
freebsd freebsd 3.3
freebsd freebsd 4.0
openbsd openbsd 2.5
freebsd freebsd 3.5
freebsd freebsd 3.4
openbsd openbsd 2.6
netbsd netbsd 1.4
freebsd freebsd 3.2
netbsd netbsd 1.4.2
openbsd openbsd 2.7
netbsd netbsd 1.4.1
CVE-2000-0994 HIGH

Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 2.6
openbsd openbsd 2.3
openbsd openbsd 2.7
openbsd openbsd 2.5
CVE-2000-0995 HIGH

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2000-0996 HIGH

Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2000-0997 HIGH

Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 2.6
openbsd openbsd 2.3
netbsd netbsd 1.4
netbsd netbsd 1.4.2
openbsd openbsd 2.7
openbsd openbsd 2.5
netbsd netbsd 1.4.1
CVE-2000-0999 HIGH

Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 4.5
CVE-2000-1004 MEDIUM

Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 2.6
openbsd openbsd 2.3
openbsd openbsd 2.7
openbsd openbsd 2.5
CVE-2000-1010 HIGH

Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 2.6
redhat linux 5.0
openbsd openbsd 2.3
redhat linux 5.1
redhat linux 5.2
openbsd openbsd 2.7
openbsd openbsd 2.5
CVE-2000-1169 HIGH

OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 2.2
CVE-2000-1208 HIGH

Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.0
netbsd netbsd 1.4
immunix immunix 6.2
netbsd netbsd 1.4.2
openbsd openbsd 2.7
netbsd netbsd 1.4.1
CVE-2001-0053 HIGH

One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 2.8
openbsd openbsd 2.6
netbsd netbsd 1.4
david_madore ftpd-bsd 0.2.3
netbsd netbsd 1.5
netbsd netbsd 1.4.2
openbsd openbsd 2.7
openbsd openbsd 2.5
netbsd netbsd 1.4.1
CVE-2001-0144 HIGH

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ssh ssh 1.2.25
openbsd openssh 2.1
ssh ssh 1.2.31
ssh ssh 1.2.28
ssh ssh 1.2.24
openbsd openssh 2.1.1
ssh ssh 1.2.26
openbsd openssh 1.2.2
openbsd openssh 1.2.3
ssh ssh 1.2.30
openbsd openssh 2.2
ssh ssh 1.2.29
ssh ssh 1.2.27
CVE-2001-0247 HIGH

Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd 1.3.1
sgi irix 6.5.4
freebsd freebsd 2.2.4
sgi irix 6.5.8
freebsd freebsd 2.2.2
freebsd freebsd 2.2.5
openbsd openbsd 2.8
openbsd openbsd 2.6
freebsd freebsd 2.2.6
netbsd netbsd 1.5
freebsd freebsd 3.1
sgi irix 6.5.1
sgi irix 6.5.6
sgi irix 6.5.2m
sgi irix 6.5.3f
sgi irix 6.5.3m
openbsd openbsd 2.5
netbsd netbsd 1.2.1
netbsd netbsd 1.4
netbsd netbsd 1.4.3
sgi irix 6.5.11
netbsd netbsd 1.3.3
openbsd openbsd 2.7
mit kerberos_5 1.2.1
freebsd freebsd 2.2.3
openbsd openbsd 2.4
freebsd freebsd 4.1
openbsd openbsd 2.3
sgi irix 6.5.7
freebsd freebsd 4.2
sgi irix 6.1
freebsd freebsd 4.0
mit kerberos_5 1.2.2
freebsd freebsd 3.4
netbsd netbsd 1.3.2
freebsd freebsd 2.2
freebsd freebsd 3.5.1
netbsd netbsd 1.4.1
freebsd freebsd 3.0
netbsd netbsd 1.3
freebsd freebsd 3.3
freebsd freebsd 4.1.1
freebsd freebsd 2.2.8
freebsd freebsd 3.5
sgi irix 6.5.5
sgi irix 6.5.10
sgi irix 6.5.3
freebsd freebsd 3.2
netbsd netbsd 1.4.2
mit kerberos_5 1.2
mit kerberos_5 1.1.1
CVE-2001-0268 HIGH

The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd *
openbsd openbsd *
CVE-2001-0284 HIGH

Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2001-0361 MEDIUM

Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
openbsd openssh 2.1
openbsd openssh 2.1.1
ssh ssh *
openbsd openssh 1.2.3
CVE-2001-0378 LOW

readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2001-0402 HIGH

IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.8
darren_reed ipfilter *
freebsd freebsd *
CVE-2001-0529 HIGH

OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2001-0554 HIGH

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sun sunos 5.2
netbsd netbsd 1.3.1
freebsd freebsd 2.2.4
freebsd freebsd 2.1.7.1
debian debian_linux 2.2
openbsd openbsd 2.2
ibm aix 4.3.2
freebsd freebsd 2.2.2
freebsd freebsd 2.2.5
openbsd openbsd 2.8
netbsd netbsd 1.1
openbsd openbsd 2.6
netkit linux_netkit 0.12
freebsd freebsd 2.1.0
freebsd freebsd 2.2.6
netbsd netbsd 1.5
ibm aix 4.3
openbsd openbsd 2.1
freebsd freebsd 3.1
sun sunos 5.8
sun sunos 5.3
sun sunos 5.1
ibm aix 5.1
ibm aix 4.3.1
sun sunos 5.5.1
freebsd freebsd 2.1.6
openbsd openbsd 2.5
netbsd netbsd 1.2.1
netbsd netbsd 1.4
netbsd netbsd 1.4.3
netbsd netbsd 1.5.1
sun sunos 5.0
netbsd netbsd 1.3.3
freebsd freebsd 2.2.1
openbsd openbsd 2.7
mit kerberos_5 1.2.1
freebsd freebsd 2.2.3
openbsd openbsd 2.4
freebsd freebsd 4.1
openbsd openbsd 2.3
freebsd freebsd 4.2
sgi irix 6.5
freebsd freebsd 4.0
mit kerberos_5 1.1
mit kerberos_5 1.2.2
freebsd freebsd 2.2.7
freebsd freebsd 2.1.5
freebsd freebsd 3.4
netbsd netbsd 1.3.2
openbsd openbsd 2.0
freebsd freebsd 2.0
netkit linux_netkit 0.11
freebsd freebsd 2.2
freebsd freebsd 3.5.1
netbsd netbsd 1.4.1
netkit linux_netkit 0.10
freebsd freebsd 3.0
netbsd netbsd 1.3
netbsd netbsd 1.0
freebsd freebsd 4.3
freebsd freebsd 3.3
freebsd freebsd 4.1.1
sun solaris 2.6
freebsd freebsd 2.2.8
freebsd freebsd 2.0.1
ibm aix 4.3.3
sun sunos 5.7
sun sunos 5.5
mit kerberos 1.0
netbsd netbsd 1.2
freebsd freebsd 3.5
freebsd freebsd 2.1.6.1
freebsd freebsd 2.1.7
freebsd freebsd 3.2
freebsd freebsd 2.0.5
freebsd freebsd 2.1
netbsd netbsd 1.4.2
mit kerberos_5 1.2
mit kerberos_5 1.1.1
sun sunos 5.4
CVE-2001-0572 HIGH

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ssh ssh 1.2.25
ssh ssh 1.2.30
ssh ssh 1.2.29
ssh ssh 1.2.31
ssh ssh 1.2.28
openbsd openssh 4.5
ssh ssh 1.2.24
ssh ssh 1.2.27
ssh ssh 1.2.26
CVE-2001-0670 HIGH

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd *
bsd bsd *
openbsd openbsd *
freebsd freebsd *
CVE-2001-0816 HIGH

OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2001-0872 HIGH

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.0
redhat linux 7.1
suse suse_linux 7.3
suse suse_linux 7.0
openbsd openssh *
suse suse_linux 7.1
suse suse_linux 6.4
suse suse_linux 7.2
redhat linux 7.2
CVE-2001-1029 LOW

libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 4.5
freebsd freebsd *
CVE-2001-1047 LOW

Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.8
openbsd openbsd 2.6
openbsd openbsd 2.7
openbsd openbsd 2.9
CVE-2001-1145 MEDIUM

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
netbsd netbsd 1.5
netbsd netbsd 1.5.1
openbsd openbsd *
CVE-2001-1244 MEDIUM

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.4.2
sun sunos 5.8
hp hp-ux 11.11
freebsd freebsd 4.3
microsoft windows_2000 *
sun sunos 5.5.1
sun sunos 5.7
hp vvos 11.04
linux linux_kernel 2.4.1
linux linux_kernel 2.4.4
linux linux_kernel 2.4.5
openbsd openbsd 2.9
openbsd openbsd 2.8
linux linux_kernel 2.4.0
hp hp-ux 11.00
netbsd netbsd 1.5
linux linux_kernel 2.4.3
netbsd netbsd 1.5.1
microsoft windows_nt 4.0
hp hp-ux 11.0.4
CVE-2001-1380 HIGH

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2001-1382 MEDIUM

The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2001-1415 MEDIUM

vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.0
openbsd openbsd 2.9
CVE-2001-1459 HIGH

OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 2.2
openbsd openssh 2.3
openbsd openssh 2.1
openbsd openssh 2.1.1
openbsd openssh 2.9
openbsd openssh 2.5.1
openbsd openssh 2.5
openbsd openssh 2.5.2
CVE-2001-1507 HIGH

OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 3.0
openbsd openssh 3.0p1
CVE-2001-1559 LOW

The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
openbsd openbsd 3.0
openbsd openbsd 2.9
CVE-2001-1585 MEDIUM

SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openbsd openssh 2.3.1
CVE-2002-0083 HIGH

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.1
redhat linux 7.1
suse suse_linux 7.0
suse suse_linux 7.1
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux_corporate_server 1.0.1
redhat linux 7.2
mandrakesoft mandrake_linux 8.1
trustix secure_linux 1.2
trustix secure_linux 1.5
openpkg openpkg 1.0
suse suse_linux 6.4
engardelinux secure_linux 1.0.1
openbsd openssh *
conectiva linux graficas
conectiva linux 5.0
mandrakesoft mandrake_single_network_firewall 7.2
immunix immunix 7.0
conectiva linux 7.0
redhat linux 7.0
conectiva linux ecommerce
suse suse_linux 7.3
mandrakesoft mandrake_linux 8.0
suse suse_linux 7.2
conectiva linux 5.1
conectiva linux 6.0
trustix secure_linux 1.1
CVE-2002-0381 MEDIUM

The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd 2.0.4
openbsd openbsd *
freebsd freebsd *
CVE-2002-0391 HIGH

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
microsoft windows_2000 -
sun sunos 5.8
sun solaris 9.0
microsoft windows_xp -
sun sunos 5.5.1
microsoft windows_nt 4.0
openbsd openbsd 3.1
sun solaris 2.6
sun sunos 5.7
freebsd freebsd *
CVE-2002-0414 HIGH

KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.4
openbsd openbsd 2.6
freebsd freebsd 4.2
freebsd freebsd 4.3
freebsd freebsd 4.5
netbsd netbsd 1.5
netbsd netbsd 1.5.1
netbsd netbsd 1.5.2
openbsd openbsd 2.7
CVE-2002-0514 MEDIUM

PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
openbsd openbsd 3.0
CVE-2002-0542 HIGH

mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.0
openbsd openbsd 2.9
CVE-2002-0557 HIGH

Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.0
CVE-2002-0572 HIGH

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.8
freebsd freebsd 4.4
openbsd openbsd 2.3
freebsd freebsd 4.5
sun solaris 8.0
openbsd openbsd 2.2
sun sunos 5.5.1
sun solaris 2.6
sun sunos 5.7
openbsd openbsd 2.0
sun solaris 7.0
openbsd openbsd 2.1
sun solaris 2.5.1
sun sunos -
CVE-2002-0575 HIGH

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 3.2
openbsd openssh 2.3
openbsd openssh 3.0.1
openbsd openssh 2.1
openbsd openssh 2.1.1
openbsd openssh 2.9
openbsd openssh 2.9p2
openbsd openssh 2.9p1
openbsd openssh 2.5.2
openbsd openssh 2.9.9
openbsd openssh 2.2
openbsd openssh 3.1
openbsd openssh 3.0
openbsd openssh 3.0.2
openbsd openssh 2.5.1
openbsd openssh 2.5
CVE-2002-0639 HIGH

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2002-0640 HIGH

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 3.2
openbsd openssh 2.3
openbsd openssh 3.0.1
openbsd openssh 2.1
openbsd openssh 3.0.1p1
openbsd openssh 2.9
openbsd openssh 2.9p2
openbsd openssh 3.1p1
openbsd openssh 1.2.2
openbsd openssh 1.2.3
openbsd openssh 2.5.2
openbsd openssh 2.9.9
openbsd openssh 2.2
openbsd openssh 3.0.2p1
openbsd openssh 3.1
openbsd openssh 3.0
openbsd openssh 3.0p1
openbsd openssh 3.3p1
openbsd openssh 3.2.3p1
openbsd openssh 3.3
openbsd openssh 2.1.1
openbsd openssh 2.9p1
openbsd openssh 3.0.2
openbsd openssh 3.2.2p1
openbsd openssh 2.5.1
openbsd openssh 2.5
CVE-2002-0701 LOW

ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 6.2
openbsd openbsd *
CVE-2002-0765 HIGH

sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 3.2.2
openbsd openbsd 3.1
CVE-2002-0766 HIGH

OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.0
openbsd openbsd 3.1
openbsd openbsd 2.9
CVE-2002-1219 HIGH

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 4.9.6
freebsd freebsd 4.7
isc bind 8.2.4
isc bind 4.9.9
freebsd freebsd 4.5
isc bind 4.9.5
isc bind 8.2.2
isc bind 8.3.2
openbsd openbsd 3.2
isc bind 8.2.3
isc bind 8.2.6
isc bind 8.2
isc bind 4.9.8
isc bind 8.3.0
freebsd freebsd 4.6
isc bind 4.9.7
freebsd freebsd 4.4
isc bind 8.2.5
isc bind 8.3.3
isc bind 8.2.1
openbsd openbsd 3.0
isc bind 4.9.10
openbsd openbsd 3.1
isc bind 8.3.1
CVE-2002-1220 MEDIUM

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.7
isc bind 8.3.3
openbsd openbsd 3.2
freebsd freebsd 4.4
freebsd freebsd 4.5
openbsd openbsd 3.0
openbsd openbsd 3.1
isc bind 8.3.0
isc bind 8.3.2
freebsd freebsd 4.6
isc bind 8.3.1
CVE-2002-1221 MEDIUM

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.7
freebsd freebsd 4.4
isc bind 8.2.4
freebsd freebsd 4.5
isc bind 8.2.2
isc bind 8.2.5
isc bind 8.1
isc bind 8.3.2
isc bind 8.3.3
openbsd openbsd 3.2
isc bind 8.2.3
isc bind 8.1.1
isc bind 8.2.1
isc bind 8.2.6
openbsd openbsd 3.0
isc bind 8.1.2
isc bind 8.2
openbsd openbsd 3.1
isc bind 8.3.0
freebsd freebsd 4.6
isc bind 8.3.1
CVE-2002-1345 MEDIUM

Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ncftp_software ncftp 3.1.0
ncftp_software ncftp 3.0.2
ncftp_software ncftp 3.1.1
ncftp_software ncftp 3.1.4
ncftp_software ncftp 3.0.1
sun solaris 2.6
sun sunos 5.7
ncftp_software ncftp 3.0.4
sun solaris 7.0
openbsd openbsd 3.0
ncftp_software ncftp 3.1.2
ncftp_software ncftp 3.1.3
ncftp_software ncftp 3.0.0
sun sunos -
ncftp_software ncftp 3.0.3
CVE-2002-1420 HIGH

Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.0
openbsd openbsd 3.1
CVE-2002-1915 LOW

tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-667,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
freebsd freebsd 4.1
netbsd netbsd 1.3.1
openbsd openbsd 2.3
freebsd freebsd 4.2
freebsd freebsd 4.5
openbsd openbsd 2.2
freebsd freebsd 4.0
openbsd openbsd 2.9
netbsd netbsd 1.3.2
openbsd openbsd 2.0
openbsd openbsd 2.8
netbsd netbsd 1.1
openbsd openbsd 2.6
netbsd netbsd 1.5
netbsd netbsd 1.5.2
openbsd openbsd 2.1
freebsd freebsd 3.5.1
netbsd netbsd 1.4.1
freebsd freebsd 4.6
netbsd netbsd 1.3
freebsd freebsd 5.0
netbsd netbsd 1.0
freebsd freebsd 4.4
freebsd freebsd 4.3
freebsd freebsd 4.1.1
netbsd netbsd 1.2
openbsd openbsd 2.5
freebsd freebsd 3.5
netbsd netbsd 1.2.1
netbsd netbsd 1.4
netbsd netbsd 1.4.3
openbsd openbsd 3.0
netbsd netbsd 1.5.1
netbsd netbsd 1.3.3
openbsd openbsd 3.1
netbsd netbsd 1.4.2
openbsd openbsd 2.7
CVE-2002-2092 LOW

Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.2.3
openbsd openbsd 2.4
freebsd freebsd 4.1
netbsd netbsd 1.3.1
freebsd freebsd 2.2.4
openbsd openbsd 2.3
freebsd freebsd 4.2
openbsd openbsd 2.2
freebsd freebsd 4.0
openbsd openbsd 2.9
freebsd freebsd 3.4
netbsd netbsd 1.3.2
freebsd freebsd 2.2.2
freebsd freebsd 2.2.5
openbsd openbsd 2.0
openbsd openbsd 2.8
openbsd openbsd 2.6
freebsd freebsd 2.0
freebsd freebsd 2.1.0
freebsd freebsd 2.2.6
netbsd netbsd 1.5
netbsd netbsd 1.5.2
openbsd openbsd 2.1
freebsd freebsd 2.2
freebsd freebsd 3.5.1
netbsd netbsd 1.4.1
freebsd freebsd 3.0
freebsd freebsd 3.1
netbsd netbsd 1.3
freebsd freebsd 4.4
freebsd freebsd 4.3
freebsd freebsd 3.3
freebsd freebsd 4.1.1
freebsd freebsd 2.2.8
openbsd openbsd 2.5
freebsd freebsd 3.5
netbsd netbsd 1.4
netbsd netbsd 1.4.3
openbsd openbsd 3.0
freebsd freebsd 3.2
netbsd netbsd 1.5.1
netbsd netbsd 1.3.3
netbsd netbsd 1.4.2
openbsd openbsd 2.7
CVE-2002-2180 MEDIUM

The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 2.3
openbsd openbsd 2.2
openbsd openbsd 2.5
openbsd openbsd 2.9
openbsd openbsd 2.0
openbsd openbsd 2.8
openbsd openbsd 2.6
openbsd openbsd 3.0
openbsd openbsd 2.1
openbsd openbsd 3.1
openbsd openbsd 2.7
CVE-2002-2188 MEDIUM

OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.0
openbsd openbsd 3.1
CVE-2002-2222 MEDIUM

isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd ports_collection *
openbsd openbsd 3.1
CVE-2002-2280 LOW

syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.

CVSS 2.0

Severity: LOW

Problem Type: CWE-16,

Products Affected

Vendor Product Version
openbsd openbsd 3.2
openbsd openbsd 3.0
openbsd openbsd 3.1
openbsd openbsd 2.9
CVE-2003-0028 HIGH

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.5.4
sgi irix 6.5.16f
freebsd freebsd 4.5
openbsd openbsd 2.2
openafs openafs 1.0.2
openafs openafs 1.2
sgi irix 6.5.5m
gnu glibc 2.2.5
openbsd openbsd 2.8
openbsd openbsd 2.6
hp hp-ux 11.00
sgi irix 6.5.13f
openafs openafs 1.2.2b
openbsd openbsd 2.1
sun solaris 2.5.1
sgi irix 6.5.2
gnu glibc 2.3
hp hp-ux 11.04
cray unicos 6.0e
gnu glibc 2.2.4
ibm aix 5.1
sgi irix 6.5.18
cray unicos 9.2
sgi irix 6.5.6f
sgi irix 6.5.13m
sgi irix 6.5.3f
sgi irix 6.5.3m
sun sunos 5.5.1
mit kerberos_5 1.2.5
openafs openafs 1.3
cray unicos 8.3
sgi irix 6.5.16m
sgi irix 6.5.11f
sgi irix 6.5.13
gnu glibc 2.1.3
sgi irix 6.5.12
mit kerberos_5 1.2.1
gnu glibc 2.3.1
openafs openafs 1.0.3
cray unicos 9.0.2.5
openbsd openbsd 2.4
sgi irix 6.5.14f
freebsd freebsd 4.7
sun solaris 9.0
freebsd freebsd 4.1
sgi irix 6.5.18f
gnu glibc 2.1.2
sgi irix 6.5.7f
cray unicos 6.0
freebsd freebsd 4.0
mit kerberos_5 1.2.2
hp hp-ux 11.20
sgi irix 6.5.8m
sgi irix 6.5.10f
sgi irix 6.5.17f
cray unicos 7.0
openafs openafs 1.0.4a
sgi irix 6.5.9m
cray unicos 8.0
openafs openafs 1.3.2
freebsd freebsd 5.0
sgi irix 6.5.15
mit kerberos_5 1.2.7
sgi irix 6.5.17m
freebsd freebsd 4.1.1
gnu glibc 2.2.3
sun solaris 2.6
gnu glibc 2.2.1
ibm aix 4.3.3
sun sunos 5.7
sgi irix 6.5.10
sgi irix 6.5.15f
openafs openafs 1.2.3
sgi irix 6.5.15m
cray unicos 6.1
ibm aix 5.2
sgi irix 6.5.5f
sgi irix 6.5.4f
openafs openafs 1.0.4
openafs openafs 1.2.2a
hp hp-ux 10.24
sgi irix 6.5.8
openbsd openbsd 2.9
openafs openafs 1.0
freebsd freebsd 4.6.2
mit kerberos_5 1.2.4
sgi irix 6.5.16
freebsd freebsd 4.6
sgi irix 6.5.7m
sun sunos 5.8
sgi irix 6.5.14m
freebsd freebsd 4.4
openafs openafs 1.2.4
sgi irix 6.5.1
sgi irix 6.5.6
sgi irix 6.5.2m
hp hp-ux_series_700 10.20
gnu glibc 2.2.2
mit kerberos_5 1.2.6
openafs openafs 1.2.5
sgi irix 6.5.4m
gnu glibc 2.3.2
openbsd openbsd 2.5
sgi irix 6.5.19
openafs openafs 1.0.1
sgi irix 6.5.14
openbsd openbsd 3.0
sgi irix 6.5.11
sgi irix 6.5.9
openbsd openbsd 3.1
openbsd openbsd 2.7
sun sunos -
cray unicos 9.2.4
gnu glibc 2.1.1
hp hp-ux 11.11
openbsd openbsd 2.3
sgi irix 6.5.7
freebsd freebsd 4.2
hp hp-ux_series_800 10.20
sgi irix 6.5
sun solaris 8.0
openbsd openbsd 3.2
openbsd openbsd 2.0
sgi irix 6.5.9f
sgi irix 6.5.2f
sgi irix 6.5.20
sun solaris 7.0
openafs openafs 1.2.2
openafs openafs 1.2.1
hp hp-ux 10.20
openafs openafs 1.3.1
sgi irix 6.5.11m
sgi irix 6.5.12m
openafs openafs 1.1.1a
sgi irix 6.5.17
freebsd freebsd 4.3
cray unicos 9.0
openafs openafs 1.1
mit kerberos_5 1.2.3
sgi irix 6.5.12f
sgi irix 6.5.6m
openafs openafs 1.2.6
sgi irix 6.5.10m
sgi irix 6.5.5
openafs openafs 1.1.1
gnu glibc 2.1
sgi irix 6.5.3
gnu glibc 2.2
sgi irix 6.5.8f
hp hp-ux 11.22
sgi irix 6.5.18m
mit kerberos_5 1.2
CVE-2003-0078 MEDIUM

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
freebsd freebsd 4.7
freebsd freebsd 5.0
freebsd freebsd 4.4
openssl openssl 0.9.6i
openssl openssl 0.9.7
freebsd freebsd 4.2
openssl openssl *
freebsd freebsd 4.3
freebsd freebsd 4.5
openbsd openbsd 3.2
openbsd openbsd 3.1
freebsd freebsd 4.6
CVE-2003-0144 HIGH

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.2.3
openbsd openbsd 2.4
bsd lpr 2000-05-07
lprold lprold 3.0.48
freebsd freebsd 2.2.4
openbsd openbsd 2.3
openbsd openbsd 2.2
openbsd openbsd 2.5
openbsd openbsd 2.9
openbsd openbsd 3.2
freebsd freebsd 2.2.2
freebsd freebsd 2.2.5
openbsd openbsd 2.0
openbsd openbsd 2.8
openbsd openbsd 2.6
freebsd freebsd 2.2.6
openbsd openbsd 3.0
openbsd openbsd 2.1
openbsd openbsd 3.1
bsd lpr 0.48
openbsd openbsd 2.7
freebsd freebsd 2.2
CVE-2003-0190 MEDIUM

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
openbsd openssh *
openbsd openssh 3.6.1p1
openpkg openpkg 1.2
openpkg openpkg 1.3
siemens scalance_x204rna_ecc_firmware *
siemens scalance_x204rna_firmware *
openbsd openssh 3.6.1
openbsd openssh 3.4p1
CVE-2003-0386 HIGH

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 3.6.1
CVE-2003-0466 HIGH

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193,

Products Affected

Vendor Product Version
netbsd netbsd *
sun solaris 9.0
apple mac_os_x_server 10.2.6
apple mac_os_x 10.2.6
redhat wu_ftpd 2.6.1-16
wuftpd wu-ftpd *
openbsd openbsd *
freebsd freebsd *
CVE-2003-0681 HIGH

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail 8.11.2
netbsd netbsd 1.5.3
apple mac_os_x 10.2.2
sendmail sendmail 8.11.6
hp hp-ux 11.00
netbsd netbsd 1.5
sendmail sendmail_switch 2.1
sendmail sendmail_switch 2.1.1
sendmail sendmail 8.10.1
sendmail sendmail 3.0
apple mac_os_x 10.2.3
sendmail sendmail 8.9.0
sendmail advanced_message_server 1.2
sendmail sendmail_switch 2.2.4
sendmail sendmail_switch 3.0.2
ibm aix 5.1
apple mac_os_x 10.2.4
sendmail sendmail_switch 2.1.5
sendmail sendmail 8.11.4
turbolinux turbolinux_workstation 7.0
sendmail sendmail 8.9.3
sendmail sendmail 8.8.8
apple mac_os_x_server 10.2.3
apple mac_os_x_server 10.2.4
sendmail sendmail 2.6
sendmail sendmail_switch 3.0.3
sendmail sendmail 8.11.0
sendmail sendmail_switch 2.1.3
sendmail sendmail 8.12.2
sendmail sendmail 8.10.2
sendmail sendmail_switch 2.2
sendmail sendmail 8.12.8
netbsd netbsd 1.6
sendmail sendmail 8.11.3
apple mac_os_x_server 10.2.2
netbsd netbsd 1.5.2
sendmail sendmail 3.0.1
ibm aix 4.3.3
turbolinux turbolinux_server 6.5
sendmail sendmail_switch 3.0
gentoo linux 1.2
turbolinux turbolinux_server 7.0
sendmail sendmail 3.0.3
ibm aix 5.2
sendmail sendmail 8.11.5
apple mac_os_x_server 10.2.6
apple mac_os_x 10.2.6
sendmail sendmail 2.6.2
sendmail sendmail 8.11.1
sendmail sendmail_switch 2.1.4
sendmail sendmail_pro 8.9.2
netbsd netbsd 1.6.1
sendmail sendmail_switch 2.2.5
sendmail sendmail 8.9.1
sendmail sendmail_switch 2.2.1
sendmail sendmail_switch 2.2.2
sendmail sendmail_switch 3.0.1
sendmail sendmail 8.12.4
gentoo linux 0.7
apple mac_os_x 10.2.5
openbsd openbsd 3.3
sendmail sendmail 8.10
turbolinux turbolinux_workstation 8.0
apple mac_os_x_server 10.2.5
netbsd netbsd 1.4.3
sendmail sendmail_pro 8.9.3
netbsd netbsd 1.5.1
apple mac_os_x_server 10.2
hp hp-ux 11.0.4
sendmail sendmail 8.12.3
sendmail sendmail 8.12.9
sendmail sendmail 8.12.0
gentoo linux 0.5
hp hp-ux 11.11
apple mac_os_x 10.2
gentoo linux 1.4
sendmail sendmail 8.12
turbolinux turbolinux_advanced_server 6.0
sendmail sendmail 8.12.1
openbsd openbsd 3.2
sendmail advanced_message_server 1.3
sendmail sendmail_switch 2.1.2
sendmail sendmail 2.6.1
sendmail sendmail 8.12.6
sendmail sendmail_switch 2.2.3
turbolinux turbolinux_workstation 6.0
turbolinux turbolinux_server 6.1
apple mac_os_x 10.2.1
sendmail sendmail 8.9.2
sendmail sendmail 8.12.5
apple mac_os_x_server 10.2.1
turbolinux turbolinux_server 8.0
sendmail sendmail 8.12.7
gentoo linux 1.1a
sendmail sendmail 3.0.2
hp hp-ux 11.22
CVE-2003-0682 HIGH

"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2003-0688 MEDIUM

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.7
freebsd freebsd 5.0
sendmail sendmail 8.12.4
sendmail sendmail 8.12.5
sendmail sendmail 8.12.7
sendmail sendmail 8.12.8
redhat sendmail 8.12.8-4
compaq tru64 5.0a
sendmail sendmail 8.12.1
openbsd openbsd 3.2
sgi irix 6.5.19
compaq tru64 5.1
freebsd freebsd 4.8
sendmail sendmail 8.12.6
sgi irix 6.5.20
sendmail sendmail 8.12.2
sendmail sendmail 8.12.3
redhat sendmail 8.12.5-7
sgi irix 6.5.21
freebsd freebsd 4.6
CVE-2003-0693 HIGH

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2003-0695 HIGH

Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2003-0786 HIGH

The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 3.7.1p1
openbsd openssh 3.7.1
CVE-2003-0787 HIGH

The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 3.7.1p1
openbsd openssh 3.7.1
CVE-2003-0804 MEDIUM

The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.7
freebsd freebsd 4.1
apple mac_os_x_server 10.2.6
apple mac_os_x 10.2.6
freebsd freebsd 4.2
freebsd freebsd 4.5
apple mac_os_x 10.2
freebsd freebsd 4.0
apple mac_os_x 10.2.2
openbsd openbsd 3.2
apple mac_os_x_server 10.2.2
freebsd freebsd 4.6.2
apple mac_os_x 10.2.3
apple mac_os_x 10.2.7
freebsd freebsd 4.6
freebsd freebsd 5.0
freebsd freebsd 4.4
apple mac_os_x 10.2.4
apple mac_os_x 10.2.1
apple mac_os_x_server 10.2.1
apple mac_os_x 10.2.5
freebsd freebsd 4.3
freebsd freebsd 4.1.1
openbsd openbsd 3.3
apple mac_os_x_server 10.2.3
freebsd freebsd 4.9
apple mac_os_x_server 10.2.4
freebsd freebsd 4.8
apple mac_os_x_server 10.2.5
openbsd openbsd 3.4
apple mac_os_x_server 10.2.7
apple mac_os_x_server 10.2
freebsd freebsd 5.1
CVE-2003-0955 MEDIUM

OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.4
openbsd openbsd 3.3
CVE-2003-1366 LOW

chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 2.3
openbsd openbsd 2.2
openbsd openbsd 2.5
openbsd openbsd 2.9
openbsd openbsd 3.2
openbsd openbsd 2.0
openbsd openbsd 2.8
openbsd openbsd 2.6
openbsd openbsd 3.0
openbsd openbsd 2.1
openbsd openbsd 3.1
openbsd openbsd 2.7
CVE-2003-1562 HIGH

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
openbsd openssh 3.2
openbsd openssh 2.3
openbsd openssh 3.0.1
openbsd openssh 2.9.9p2
openbsd openssh 2.1
openbsd openssh 3.0.1p1
openbsd openssh 3.6.1p2
openbsd openssh 2.9
openbsd openssh 2.9p2
openbsd openssh 1.5
openbsd openssh 3.1p1
openbsd openssh 2
openbsd openssh 1.2.2
openbsd openssh 1.2.3
openbsd openssh 2.5.2
openbsd openssh 2.9.9
openbsd openssh 2.2
openbsd openssh 3.0.2p1
openbsd openssh 3.1
openbsd openssh 3.0
openbsd openssh 3.0p1
openbsd openssh 3.3p1
openbsd openssh 3.2.3p1
openbsd openssh 3.3
openbsd openssh 3.4p1
openbsd openssh 1.2
openbsd openssh 3.6.1p1
openbsd openssh 2.3.1
openbsd openssh 3.5
openbsd openssh 1.3
openbsd openssh 2.1.1
openbsd openssh 2.9p1
openbsd openssh 1.5.8
openbsd openssh 1.2.27
openbsd openssh 3.2.2
openbsd openssh 3.5p1
openbsd openssh 3.0.2
openbsd openssh 3.2.2p1
openbsd openssh 3.6
openbsd openssh 2.5.1
openbsd openssh 1.2.1
openbsd openssh 2.5
openbsd openssh 3.4
openbsd openssh 3.6.1
openbsd openssh 1.5.7
CVE-2004-0079 MEDIUM

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
hp wbem a.01.05.08
avaya sg200 4.4
avaya intuity_audix s3400
cisco ios 12.2za
cisco ios 12.1(13)e9
stonesoft stonegate_vpn_client 2.0.9
cisco pix_firewall_software 6.2(3.100)
lite speed_technologies_litespeed_web_server 1.0.3
4d webstar 5.2.4
hp hp-ux 11.00
bluecoat cacheos_ca_sa 4.1.12
neoteris instant_virtual_extranet 3.0
bluecoat proxysg *
stonesoft servercluster 2.5.2
avaya vsu 10000_r2.0.1
vmware gsx_server 2.5.1_build_5336
openssl openssl 0.9.6d
symantec clientless_vpn_gateway_4400 5.0
novell edirectory 8.7
avaya s8500 r2.0.0
avaya sg5 4.3
lite speed_technologies_litespeed_web_server 1.3
cisco webns 7.1_0.1.02
cisco webns 6.10_b4
stonesoft stonegate 1.7
apple mac_os_x_server 10.3.3
stonesoft stonegate 1.7.2
neoteris instant_virtual_extranet 3.3
avaya s8700 r2.0.1
stonesoft stonegate 1.5.17
avaya intuity_audix *
vmware gsx_server 2.0
bluecoat cacheos_ca_sa 4.1.10
avaya sg208 *
cisco css_secure_content_accelerator 2.0
cisco webns 6.10
novell edirectory 8.6.2
cisco pix_firewall_software 6.2(1)
redhat openssl 0.9.6b-3
cisco pix_firewall_software 6.1(1)
checkpoint firewall-1 next_generation_fp0
tarantella tarantella_enterprise 3.30
redhat linux 7.3
stonesoft stonegate 2.0.7
4d webstar 5.2.1
cisco webns 7.2_0.0.03
vmware gsx_server 2.5.1
hp aaa_server *
avaya vsu 5
sgi propack 2.3
lite speed_technologies_litespeed_web_server 1.3_rc3
cisco firewall_services_module 1.1.3
freebsd freebsd 4.9
avaya sg208 4.4
4d webstar 5.3.1
avaya vsu 500
lite speed_technologies_litespeed_web_server 1.3_rc2
avaya sg200 4.31.29
novell edirectory 8.5.12a
stonesoft stonegate 1.7.1
securecomputing sidewinder 5.2.1
cisco firewall_services_module *
stonesoft stonegate 1.5.18
checkpoint vpn-1 next_generation_fp1
novell imanager 2.0
4d webstar 5.3
stonesoft stonegate_vpn_client 1.7.2
cisco ios 12.1(11)e
cisco css_secure_content_accelerator 1.0
lite speed_technologies_litespeed_web_server 1.0.1
checkpoint provider-1 4.1
stonesoft stonegate_vpn_client 2.0
hp wbem a.02.00.01
lite speed_technologies_litespeed_web_server 1.2.2
cisco firewall_services_module 1.1.2
hp apache-based_web_server 2.0.43.00
openssl openssl 0.9.7a
cisco pix_firewall_software 6.2
avaya vsu 100_r2.0.1
cisco pix_firewall_software 6.3(1)
cisco pix_firewall_software 6.3(3.109)
redhat openssl 0.9.6-15
lite speed_technologies_litespeed_web_server 1.0.2
checkpoint firewall-1 2.0
cisco okena_stormwatch 3.2
stonesoft stonebeat_fullcluster 2.5
cisco ios 12.1(19)e1
securecomputing sidewinder 5.2
novell edirectory 8.0
sgi propack 2.4
hp hp-ux 11.11
cisco pix_firewall_software 6.0(4)
cisco firewall_services_module 1.1_(3.005)
avaya converged_communications_server 2.0
redhat linux 8.0
sco openserver 5.0.7
vmware gsx_server 3.0_build_7592
dell bsafe_ssl-j 3.1
lite speed_technologies_litespeed_web_server 1.3_rc1
securecomputing sidewinder 5.2.0.03
cisco firewall_services_module 2.1_(0.208)
checkpoint vpn-1 next_generation_fp2
openssl openssl 0.9.6k
avaya sg203 4.31.29
stonesoft stonegate 1.6.3
cisco ios 12.1(11b)e14
checkpoint firewall-1 next_generation_fp2
stonesoft stonebeat_fullcluster 2.0
stonesoft stonebeat_webcluster 2.0
4d webstar 5.2.3
stonesoft stonebeat_fullcluster 1_3.0
freebsd freebsd 4.8
openbsd openbsd 3.4
novell edirectory 8.7.1
cisco pix_firewall_software 6.0
hp wbem a.02.00.00
redhat openssl 0.9.7a-2
cisco access_registrar *
stonesoft stonegate 2.0.9
securecomputing sidewinder 5.2.0.04
openssl openssl 0.9.6h
freebsd freebsd 5.2
hp apache-based_web_server 2.0.43.04
avaya vsu 5000_r2.0.1
cisco ciscoworks_common_services 2.2
cisco secure_content_accelerator 10000
novell edirectory 8.5.27
freebsd freebsd 5.2.1
stonesoft stonebeat_securitycluster 2.0
checkpoint firewall-1 *
apple mac_os_x 10.3.3
avaya sg203 4.4
avaya sg5 4.4
redhat enterprise_linux_desktop 3.0
4d webstar 5.2.2
dell bsafe_ssl-j 3.0
stonesoft stonegate 1.6.2
cisco threat_response *
neoteris instant_virtual_extranet 3.1
cisco mds_9000 *
freebsd freebsd 5.1
cisco call_manager *
stonesoft stonegate 2.0.6
cisco gss_4490_global_site_selector *
redhat enterprise_linux 3.0
openssl openssl 0.9.6j
stonesoft stonebeat_webcluster 2.5
avaya s8300 r2.0.1
cisco pix_firewall_software 6.2(3)
lite speed_technologies_litespeed_web_server 1.2_rc1
novell edirectory 8.5
tarantella tarantella_enterprise 3.20
checkpoint vpn-1 next_generation_fp0
stonesoft stonegate_vpn_client 2.0.8
avaya s8700 r2.0.0
4d webstar 5.2
cisco ciscoworks_common_management_foundation 2.1
cisco gss_4480_global_site_selector *
avaya sg5 4.2
cisco ios 12.2sy
cisco webns 7.1_0.2.06
tarantella tarantella_enterprise 3.40
stonesoft stonegate 2.2.1
openssl openssl 0.9.6g
avaya intuity_audix s3210
neoteris instant_virtual_extranet 3.2
stonesoft stonegate 2.1
vmware gsx_server 2.0.1_build_2129
openssl openssl 0.9.7c
securecomputing sidewinder 5.2.1.02
cisco pix_firewall_software 6.3(2)
checkpoint vpn-1 vsx_ng_with_application_intelligence
cisco ios 12.1(11b)e12
sgi propack 3.0
4d webstar 4.0
lite speed_technologies_litespeed_web_server 1.2_rc2
cisco pix_firewall_software 6.3(3.102)
lite speed_technologies_litespeed_web_server 1.2.1
redhat linux 7.2
avaya vsu 5x
cisco pix_firewall_software 6.0(3)
stonesoft stonegate 2.0.1
stonesoft stonegate 2.0.4
stonesoft stonebeat_fullcluster 1_2.0
cisco ios 12.2(14)sy1
cisco pix_firewall_software 6.3
stonesoft stonebeat_fullcluster 3.0
sun crypto_accelerator_4000 1.0
hp hp-ux 11.23
avaya vsu 2000_r2.0.1
cisco pix_firewall_software 6.1(4)
cisco pix_firewall_software 6.2(2)
stonesoft stonegate_vpn_client 1.7
stonesoft stonegate 2.2.4
securecomputing sidewinder 5.2.0.01
openbsd openbsd 3.3
checkpoint firewall-1 next_generation_fp1
cisco application_and_content_networking_software *
novell imanager 1.5
dell bsafe_ssl-j 3.0.1
cisco webns 7.10
avaya intuity_audix 5.1.46
cisco pix_firewall_software 6.1(5)
stonesoft stonegate 2.0.5
cisco pix_firewall_software 6.1(3)
securecomputing sidewinder 5.2.0.02
cisco pix_firewall 6.2.2_.111
openssl openssl 0.9.7
cisco pix_firewall_software 6.0(4.101)
stonesoft stonegate 2.0.8
cisco content_services_switch_11500 *
cisco webns 7.10_.0.06s
cisco pix_firewall_software 6.0(1)
openssl openssl 0.9.7b
avaya s8300 r2.0.0
cisco ios 12.1(11b)e
lite speed_technologies_litespeed_web_server 1.3.1
cisco pix_firewall_software 6.0(2)
hp hp-ux 8.05
openssl openssl 0.9.6c
stonesoft servercluster 2.5
openssl openssl 0.9.6i
cisco pix_firewall_software 6.1(2)
openssl openssl 0.9.6f
avaya vsu 7500_r2.0.1
cisco css11000_content_services_switch *
avaya s8500 r2.0.1
sco openserver 5.0.6
neoteris instant_virtual_extranet 3.3.1
stonesoft stonegate_vpn_client 2.0.7
lite speed_technologies_litespeed_web_server 1.1.1
cisco pix_firewall_software 6.1
cisco ios 12.2(14)sy
lite speed_technologies_litespeed_web_server 1.1
stonesoft stonegate 2.2
openssl openssl 0.9.6e
stonesoft stonebeat_securitycluster 2.5
CVE-2004-0081 MEDIUM

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp wbem a.01.05.08
avaya sg200 4.4
avaya intuity_audix s3400
cisco ios 12.2za
cisco ios 12.1(13)e9
stonesoft stonegate_vpn_client 2.0.9
cisco pix_firewall_software 6.2(3.100)
lite speed_technologies_litespeed_web_server 1.0.3
4d webstar 5.2.4
hp hp-ux 11.00
bluecoat cacheos_ca_sa 4.1.12
neoteris instant_virtual_extranet 3.0
bluecoat proxysg *
stonesoft servercluster 2.5.2
avaya vsu 10000_r2.0.1
vmware gsx_server 2.5.1_build_5336
openssl openssl 0.9.6d
symantec clientless_vpn_gateway_4400 5.0
novell edirectory 8.7
avaya s8500 r2.0.0
avaya sg5 4.3
lite speed_technologies_litespeed_web_server 1.3
cisco webns 7.1_0.1.02
cisco webns 6.10_b4
stonesoft stonegate 1.7
apple mac_os_x_server 10.3.3
stonesoft stonegate 1.7.2
neoteris instant_virtual_extranet 3.3
avaya s8700 r2.0.1
stonesoft stonegate 1.5.17
avaya intuity_audix *
vmware gsx_server 2.0
bluecoat cacheos_ca_sa 4.1.10
avaya sg208 *
cisco css_secure_content_accelerator 2.0
cisco webns 6.10
novell edirectory 8.6.2
cisco pix_firewall_software 6.2(1)
redhat openssl 0.9.6b-3
cisco pix_firewall_software 6.1(1)
checkpoint firewall-1 next_generation_fp0
tarantella tarantella_enterprise 3.30
redhat linux 7.3
stonesoft stonegate 2.0.7
4d webstar 5.2.1
cisco webns 7.2_0.0.03
vmware gsx_server 2.5.1
hp aaa_server *
avaya vsu 5
sgi propack 2.3
lite speed_technologies_litespeed_web_server 1.3_rc3
cisco firewall_services_module 1.1.3
freebsd freebsd 4.9
avaya sg208 4.4
4d webstar 5.3.1
avaya vsu 500
lite speed_technologies_litespeed_web_server 1.3_rc2
avaya sg200 4.31.29
novell edirectory 8.5.12a
stonesoft stonegate 1.7.1
securecomputing sidewinder 5.2.1
cisco firewall_services_module *
stonesoft stonegate 1.5.18
checkpoint vpn-1 next_generation_fp1
novell imanager 2.0
4d webstar 5.3
stonesoft stonegate_vpn_client 1.7.2
cisco ios 12.1(11)e
cisco css_secure_content_accelerator 1.0
lite speed_technologies_litespeed_web_server 1.0.1
checkpoint provider-1 4.1
stonesoft stonegate_vpn_client 2.0
hp wbem a.02.00.01
lite speed_technologies_litespeed_web_server 1.2.2
cisco firewall_services_module 1.1.2
hp apache-based_web_server 2.0.43.00
openssl openssl 0.9.7a
cisco pix_firewall_software 6.2
avaya vsu 100_r2.0.1
cisco pix_firewall_software 6.3(1)
cisco pix_firewall_software 6.3(3.109)
redhat openssl 0.9.6-15
lite speed_technologies_litespeed_web_server 1.0.2
checkpoint firewall-1 2.0
cisco okena_stormwatch 3.2
stonesoft stonebeat_fullcluster 2.5
cisco ios 12.1(19)e1
securecomputing sidewinder 5.2
novell edirectory 8.0
sgi propack 2.4
hp hp-ux 11.11
cisco pix_firewall_software 6.0(4)
cisco firewall_services_module 1.1_(3.005)
avaya converged_communications_server 2.0
redhat linux 8.0
sco openserver 5.0.7
vmware gsx_server 3.0_build_7592
dell bsafe_ssl-j 3.1
lite speed_technologies_litespeed_web_server 1.3_rc1
securecomputing sidewinder 5.2.0.03
cisco firewall_services_module 2.1_(0.208)
openssl openssl 0.9.6k
avaya sg203 4.31.29
stonesoft stonegate 1.6.3
cisco ios 12.1(11b)e14
checkpoint firewall-1 next_generation_fp2
stonesoft stonebeat_fullcluster 2.0
stonesoft stonebeat_webcluster 2.0
4d webstar 5.2.3
stonesoft stonebeat_fullcluster 1_3.0
freebsd freebsd 4.8
openbsd openbsd 3.4
novell edirectory 8.7.1
cisco pix_firewall_software 6.0
hp wbem a.02.00.00
redhat openssl 0.9.7a-2
cisco access_registrar *
stonesoft stonegate 2.0.9
securecomputing sidewinder 5.2.0.04
openssl openssl 0.9.6h
freebsd freebsd 5.2
hp apache-based_web_server 2.0.43.04
avaya vsu 5000_r2.0.1
checkpoint vpn-1 next_generation
cisco ciscoworks_common_services 2.2
cisco secure_content_accelerator 10000
novell edirectory 8.5.27
freebsd freebsd 5.2.1
stonesoft stonebeat_securitycluster 2.0
checkpoint firewall-1 *
apple mac_os_x 10.3.3
avaya sg203 4.4
avaya sg5 4.4
redhat enterprise_linux_desktop 3.0
4d webstar 5.2.2
dell bsafe_ssl-j 3.0
stonesoft stonegate 1.6.2
cisco threat_response *
neoteris instant_virtual_extranet 3.1
cisco mds_9000 *
freebsd freebsd 5.1
cisco call_manager *
stonesoft stonegate 2.0.6
cisco gss_4490_global_site_selector *
redhat enterprise_linux 3.0
openssl openssl 0.9.6j
stonesoft stonebeat_webcluster 2.5
avaya s8300 r2.0.1
cisco pix_firewall_software 6.2(3)
lite speed_technologies_litespeed_web_server 1.2_rc1
novell edirectory 8.5
tarantella tarantella_enterprise 3.20
checkpoint vpn-1 next_generation_fp0
stonesoft stonegate_vpn_client 2.0.8
avaya s8700 r2.0.0
4d webstar 5.2
cisco ciscoworks_common_management_foundation 2.1
cisco gss_4480_global_site_selector *
avaya sg5 4.2
cisco ios 12.2sy
cisco webns 7.1_0.2.06
tarantella tarantella_enterprise 3.40
stonesoft stonegate 2.2.1
openssl openssl 0.9.6g
avaya intuity_audix s3210
neoteris instant_virtual_extranet 3.2
stonesoft stonegate 2.1
vmware gsx_server 2.0.1_build_2129
openssl openssl 0.9.7c
securecomputing sidewinder 5.2.1.02
cisco pix_firewall_software 6.3(2)
checkpoint vpn-1 vsx_ng_with_application_intelligence
cisco ios 12.1(11b)e12
sgi propack 3.0
4d webstar 4.0
lite speed_technologies_litespeed_web_server 1.2_rc2
cisco pix_firewall_software 6.3(3.102)
lite speed_technologies_litespeed_web_server 1.2.1
redhat linux 7.2
avaya vsu 5x
cisco pix_firewall_software 6.0(3)
stonesoft stonegate 2.0.1
stonesoft stonegate 2.0.4
stonesoft stonebeat_fullcluster 1_2.0
cisco ios 12.2(14)sy1
cisco pix_firewall_software 6.3
stonesoft stonebeat_fullcluster 3.0
sun crypto_accelerator_4000 1.0
hp hp-ux 11.23
avaya vsu 2000_r2.0.1
cisco pix_firewall_software 6.1(4)
cisco pix_firewall_software 6.2(2)
stonesoft stonegate_vpn_client 1.7
stonesoft stonegate 2.2.4
securecomputing sidewinder 5.2.0.01
openbsd openbsd 3.3
checkpoint firewall-1 next_generation_fp1
cisco application_and_content_networking_software *
novell imanager 1.5
dell bsafe_ssl-j 3.0.1
cisco webns 7.10
avaya intuity_audix 5.1.46
cisco pix_firewall_software 6.1(5)
stonesoft stonegate 2.0.5
cisco pix_firewall_software 6.1(3)
securecomputing sidewinder 5.2.0.02
cisco pix_firewall 6.2.2_.111
openssl openssl 0.9.7
cisco pix_firewall_software 6.0(4.101)
stonesoft stonegate 2.0.8
cisco content_services_switch_11500 *
cisco webns 7.10_.0.06s
cisco pix_firewall_software 6.0(1)
openssl openssl 0.9.7b
avaya s8300 r2.0.0
cisco ios 12.1(11b)e
lite speed_technologies_litespeed_web_server 1.3.1
cisco pix_firewall_software 6.0(2)
hp hp-ux 8.05
openssl openssl 0.9.6c
stonesoft servercluster 2.5
openssl openssl 0.9.6i
cisco pix_firewall_software 6.1(2)
openssl openssl 0.9.6f
avaya vsu 7500_r2.0.1
cisco css11000_content_services_switch *
avaya s8500 r2.0.1
sco openserver 5.0.6
neoteris instant_virtual_extranet 3.3.1
stonesoft stonegate_vpn_client 2.0.7
lite speed_technologies_litespeed_web_server 1.1.1
cisco pix_firewall_software 6.1
cisco ios 12.2(14)sy
lite speed_technologies_litespeed_web_server 1.1
stonesoft stonegate 2.2
openssl openssl 0.9.6e
stonesoft stonebeat_securitycluster 2.5
CVE-2004-0083 HIGH

Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
openbsd openbsd 3.4
openbsd openbsd 3.3
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.1.11
CVE-2004-0084 HIGH

Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
openbsd openbsd 3.4
openbsd openbsd 3.3
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.1.11
CVE-2004-0106 HIGH

Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
openbsd openbsd 3.4
openbsd openbsd 3.3
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.1.11
CVE-2004-0112 MEDIUM

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
hp wbem a.01.05.08
avaya sg200 4.4
avaya intuity_audix s3400
cisco ios 12.2za
cisco ios 12.1(13)e9
cisco pix_firewall_software 6.2(3.100)
4d webstar 5.2.4
hp hp-ux 11.00
bluecoat cacheos_ca_sa 4.1.12
neoteris instant_virtual_extranet 3.0
bluecoat proxysg *
forcepoint stonegate 1.5.18
stonesoft servercluster 2.5.2
avaya vsu 10000_r2.0.1
vmware gsx_server 2.5.1_build_5336
openssl openssl 0.9.6d
symantec clientless_vpn_gateway_4400 5.0
novell edirectory 8.7
forcepoint stonegate 2.2.4
avaya s8500 r2.0.0
avaya sg5 4.3
cisco webns 7.1_0.1.02
cisco webns 6.10_b4
apple mac_os_x_server 10.3.3
neoteris instant_virtual_extranet 3.3
avaya s8700 r2.0.1
avaya intuity_audix *
vmware gsx_server 2.0
bluecoat cacheos_ca_sa 4.1.10
avaya sg208 *
cisco css_secure_content_accelerator 2.0
cisco webns 6.10
novell edirectory 8.6.2
cisco pix_firewall_software 6.2(1)
redhat openssl 0.9.6b-3
cisco pix_firewall_software 6.1(1)
checkpoint firewall-1 next_generation_fp0
tarantella tarantella_enterprise 3.30
redhat linux 7.3
4d webstar 5.2.1
cisco webns 7.2_0.0.03
vmware gsx_server 2.5.1
forcepoint stonegate 2.0.6
hp aaa_server *
avaya vsu 5
sgi propack 2.3
cisco firewall_services_module 1.1.3
freebsd freebsd 4.9
avaya sg208 4.4
4d webstar 5.3.1
avaya vsu 500
avaya sg200 4.31.29
novell edirectory 8.5.12a
securecomputing sidewinder 5.2.1
cisco firewall_services_module *
forcepoint stonegate 2.0.1
checkpoint vpn-1 next_generation_fp1
forcepoint stonegate 2.0.5
novell imanager 2.0
4d webstar 5.3
cisco ios 12.1(11)e
cisco css_secure_content_accelerator 1.0
forcepoint stonegate 1.6.2
checkpoint provider-1 4.1
hp wbem a.02.00.01
cisco firewall_services_module 1.1.2
hp apache-based_web_server 2.0.43.00
openssl openssl 0.9.7a
cisco pix_firewall_software 6.2
avaya vsu 100_r2.0.1
cisco pix_firewall_software 6.3(1)
cisco pix_firewall_software 6.3(3.109)
redhat openssl 0.9.6-15
checkpoint firewall-1 2.0
cisco okena_stormwatch 3.2
stonesoft stonebeat_fullcluster 2.5
cisco ios 12.1(19)e1
securecomputing sidewinder 5.2
novell edirectory 8.0
sgi propack 2.4
hp hp-ux 11.11
cisco pix_firewall_software 6.0(4)
cisco firewall_services_module 1.1_(3.005)
avaya converged_communications_server 2.0
redhat linux 8.0
sco openserver 5.0.7
vmware gsx_server 3.0_build_7592
dell bsafe_ssl-j 3.1
securecomputing sidewinder 5.2.0.03
cisco firewall_services_module 2.1_(0.208)
forcepoint stonegate 2.0.7
checkpoint vpn-1 next_generation_fp2
openssl openssl 0.9.6k
avaya sg203 4.31.29
cisco ios 12.1(11b)e14
checkpoint firewall-1 next_generation_fp2
stonesoft stonebeat_fullcluster 2.0
stonesoft stonebeat_webcluster 2.0
4d webstar 5.2.3
stonesoft stonebeat_fullcluster 1_3.0
freebsd freebsd 4.8
openbsd openbsd 3.4
novell edirectory 8.7.1
cisco pix_firewall_software 6.0
hp wbem a.02.00.00
redhat openssl 0.9.7a-2
forcepoint stonegate 2.0.8
cisco access_registrar *
securecomputing sidewinder 5.2.0.04
openssl openssl 0.9.6h
freebsd freebsd 5.2
hp apache-based_web_server 2.0.43.04
forcepoint stonegate 2.0.9
avaya vsu 5000_r2.0.1
forcepoint stonegate 1.7.2
cisco ciscoworks_common_services 2.2
cisco secure_content_accelerator 10000
novell edirectory 8.5.27
freebsd freebsd 5.2.1
stonesoft stonebeat_securitycluster 2.0
checkpoint firewall-1 *
apple mac_os_x 10.3.3
avaya sg203 4.4
avaya sg5 4.4
forcepoint stonegate 2.2.1
redhat enterprise_linux_desktop 3.0
4d webstar 5.2.2
dell bsafe_ssl-j 3.0
cisco threat_response *
neoteris instant_virtual_extranet 3.1
cisco mds_9000 *
freebsd freebsd 5.1
cisco call_manager *
cisco gss_4490_global_site_selector *
redhat enterprise_linux 3.0
openssl openssl 0.9.6j
stonesoft stonebeat_webcluster 2.5
avaya s8300 r2.0.1
forcepoint stonegate 2.2
cisco pix_firewall_software 6.2(3)
novell edirectory 8.5
tarantella tarantella_enterprise 3.20
checkpoint vpn-1 next_generation_fp0
avaya s8700 r2.0.0
4d webstar 5.2
cisco ciscoworks_common_management_foundation 2.1
cisco gss_4480_global_site_selector *
avaya sg5 4.2
forcepoint stonegate 1.6.3
cisco ios 12.2sy
cisco webns 7.1_0.2.06
tarantella tarantella_enterprise 3.40
openssl openssl 0.9.6g
avaya intuity_audix s3210
neoteris instant_virtual_extranet 3.2
forcepoint stonegate 2.0.4
vmware gsx_server 2.0.1_build_2129
openssl openssl 0.9.7c
securecomputing sidewinder 5.2.1.02
litespeedtech litespeed_web_server 1.0.1
cisco pix_firewall_software 6.3(2)
checkpoint vpn-1 vsx_ng_with_application_intelligence
cisco ios 12.1(11b)e12
forcepoint stonegate 1.7
sgi propack 3.0
4d webstar 4.0
cisco pix_firewall_software 6.3(3.102)
redhat linux 7.2
avaya vsu 5x
cisco pix_firewall_software 6.0(3)
stonesoft stonebeat_fullcluster 1_2.0
cisco ios 12.2(14)sy1
cisco pix_firewall_software 6.3
stonesoft stonebeat_fullcluster 3.0
sun crypto_accelerator_4000 1.0
hp hp-ux 11.23
avaya vsu 2000_r2.0.1
cisco pix_firewall_software 6.1(4)
cisco pix_firewall_software 6.2(2)
forcepoint stonegate 1.5.17
securecomputing sidewinder 5.2.0.01
openbsd openbsd 3.3
checkpoint firewall-1 next_generation_fp1
cisco application_and_content_networking_software *
novell imanager 1.5
dell bsafe_ssl-j 3.0.1
cisco webns 7.10
avaya intuity_audix 5.1.46
cisco pix_firewall_software 6.1(5)
cisco pix_firewall_software 6.1(3)
securecomputing sidewinder 5.2.0.02
cisco pix_firewall 6.2.2_.111
forcepoint stonegate 1.7.1
openssl openssl 0.9.7
cisco pix_firewall_software 6.0(4.101)
cisco content_services_switch_11500 *
cisco webns 7.10_.0.06s
cisco pix_firewall_software 6.0(1)
openssl openssl 0.9.7b
avaya s8300 r2.0.0
cisco ios 12.1(11b)e
cisco pix_firewall_software 6.0(2)
hp hp-ux 8.05
openssl openssl 0.9.6c
stonesoft servercluster 2.5
openssl openssl 0.9.6i
forcepoint stonegate 2.1
cisco pix_firewall_software 6.1(2)
openssl openssl 0.9.6f
avaya vsu 7500_r2.0.1
cisco css11000_content_services_switch *
avaya s8500 r2.0.1
sco openserver 5.0.6
neoteris instant_virtual_extranet 3.3.1
cisco pix_firewall_software 6.1
cisco ios 12.2(14)sy
openssl openssl 0.9.6e
stonesoft stonebeat_securitycluster 2.5
CVE-2004-0114 MEDIUM

The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd *
openbsd openbsd *
freebsd freebsd *
CVE-2004-0171 MEDIUM

FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.7
freebsd freebsd 5.0
freebsd freebsd 4.8
freebsd freebsd 5.2
openbsd openbsd 3.4
freebsd freebsd 4.6.2
openbsd openbsd 3.3
freebsd freebsd 5.1
freebsd freebsd 4.9
CVE-2004-0175 MEDIUM

Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
openbsd openssh 3.2
openbsd openssh 3.0.1
openbsd openssh 3.0.1p1
openbsd openssh 3.1p1
openbsd openssh 3.0.2p1
openbsd openssh 3.1
openbsd openssh 3.0
openbsd openssh 3.0.2
openbsd openssh 3.2.2p1
openbsd openssh 3.0p1
openbsd openssh 3.3p1
openbsd openssh 3.4
openbsd openssh 3.2.3p1
openbsd openssh 3.3
openbsd openssh 3.4p1
CVE-2004-0218 MEDIUM

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2004-0219 MEDIUM

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2004-0220 HIGH

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2004-0221 MEDIUM

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2004-0222 MEDIUM

Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2004-0257 MEDIUM

OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.2
netbsd netbsd 1.6.1
openbsd openbsd 3.0
openbsd openbsd 3.4
openbsd openbsd 3.3
openbsd openbsd 3.1
netbsd netbsd 1.6
CVE-2004-0414 HIGH

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi propack 2.4
cvs cvs 1.11.5
cvs cvs 1.11.16
cvs cvs 1.11.15
cvs cvs 1.11.1_p1
gentoo linux 1.4
cvs cvs 1.11.3
openpkg openpkg *
cvs cvs 1.11.6
cvs cvs 1.12.5
cvs cvs 1.12.7
cvs cvs 1.11.1
cvs cvs 1.11.2
cvs cvs 1.11.4
cvs cvs 1.10.7
cvs cvs 1.11.14
cvs cvs 1.12.8
cvs cvs 1.12.1
cvs cvs 1.10.8
cvs cvs 1.11.10
openpkg openpkg 1.3
openbsd openbsd 3.5
openbsd openbsd 3.4
openpkg openpkg 2.0
openbsd openbsd *
cvs cvs 1.12.2
sgi propack 3.0
cvs cvs 1.11.11
cvs cvs 1.11
CVE-2004-0416 HIGH

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sgi propack 2.4
cvs cvs 1.11.5
cvs cvs 1.11.16
cvs cvs 1.11.15
cvs cvs 1.11.1_p1
gentoo linux 1.4
cvs cvs 1.11.3
openpkg openpkg *
cvs cvs 1.11.6
cvs cvs 1.12.5
cvs cvs 1.12.7
cvs cvs 1.11.1
cvs cvs 1.11.2
cvs cvs 1.11.4
cvs cvs 1.10.7
cvs cvs 1.11.14
cvs cvs 1.12.8
cvs cvs 1.12.1
cvs cvs 1.10.8
cvs cvs 1.11.10
openpkg openpkg 1.3
openbsd openbsd 3.5
openbsd openbsd 3.4
openpkg openpkg 2.0
openbsd openbsd *
cvs cvs 1.12.2
sgi propack 3.0
cvs cvs 1.11.11
cvs cvs 1.11
CVE-2004-0417 MEDIUM

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi propack 2.4
cvs cvs 1.11.5
cvs cvs 1.11.16
cvs cvs 1.11.15
cvs cvs 1.11.1_p1
gentoo linux 1.4
cvs cvs 1.11.3
openpkg openpkg *
cvs cvs 1.11.6
cvs cvs 1.12.5
cvs cvs 1.12.7
cvs cvs 1.11.1
cvs cvs 1.11.2
cvs cvs 1.11.4
cvs cvs 1.10.7
cvs cvs 1.11.14
cvs cvs 1.12.8
cvs cvs 1.12.1
cvs cvs 1.10.8
cvs cvs 1.11.10
openpkg openpkg 1.3
openbsd openbsd 3.5
openbsd openbsd 3.4
openpkg openpkg 2.0
openbsd openbsd *
cvs cvs 1.12.2
sgi propack 3.0
cvs cvs 1.11.11
cvs cvs 1.11
CVE-2004-0418 HIGH

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi propack 2.4
cvs cvs 1.11.5
cvs cvs 1.11.16
cvs cvs 1.11.15
cvs cvs 1.11.1_p1
gentoo linux 1.4
cvs cvs 1.11.3
openpkg openpkg *
cvs cvs 1.11.6
cvs cvs 1.12.5
cvs cvs 1.12.7
cvs cvs 1.11.1
cvs cvs 1.11.2
cvs cvs 1.11.4
cvs cvs 1.10.7
cvs cvs 1.11.14
cvs cvs 1.12.8
cvs cvs 1.12.1
cvs cvs 1.10.8
cvs cvs 1.11.10
openpkg openpkg 1.3
openbsd openbsd 3.5
openbsd openbsd 3.4
openpkg openpkg 2.0
openbsd openbsd *
cvs cvs 1.12.2
sgi propack 3.0
cvs cvs 1.11.11
cvs cvs 1.11
CVE-2004-0482 MEDIUM

Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.c, and (6) procfs_subr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and possibly perform other unauthorized activities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.5
openbsd openbsd 3.4
CVE-2004-0492 HIGH

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi propack 2.4
apache http_server 1.3.29
ibm http_server 1.3.26.2
ibm http_server 1.3.26.1
apache http_server 1.3.28
hp vvos 11.04
apache http_server 1.3.31
hp virtualvault 11.0.4
hp webproxy 2.1
openbsd openbsd 3.5
openbsd openbsd 3.4
ibm http_server 1.3.28
hp webproxy 2.0
openbsd openbsd *
apache http_server 1.3.27
apache http_server 1.3.26
ibm http_server 1.3.26
CVE-2004-0687 HIGH

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.3.0
xfree86_project x11r6 4.0
xfree86_project x11r6 4.0.1
suse suse_linux 8.2
x.org x11r6 6.7.0
xfree86_project x11r6 4.1.0
x.org x11r6 6.8
xfree86_project x11r6 4.2.1
suse suse_linux 9.0
suse suse_linux 8
xfree86_project x11r6 4.0.2.11
openbsd openbsd 3.5
xfree86_project x11r6 4.0.3
openbsd openbsd 3.4
xfree86_project x11r6 3.3.6
suse suse_linux 9.1
suse suse_linux 8.1
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.1.11
CVE-2004-0688 HIGH

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.3.0
xfree86_project x11r6 4.0
xfree86_project x11r6 4.0.1
suse suse_linux 8.2
x.org x11r6 6.7.0
xfree86_project x11r6 4.1.0
x.org x11r6 6.8
xfree86_project x11r6 4.2.1
suse suse_linux 9.0
suse suse_linux 8
xfree86_project x11r6 4.0.2.11
openbsd openbsd 3.5
xfree86_project x11r6 4.0.3
openbsd openbsd 3.4
xfree86_project x11r6 3.3.6
suse suse_linux 9.1
suse suse_linux 8.1
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.1.11
CVE-2004-0819 MEDIUM

The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.2
openbsd openbsd 3.5
openbsd openbsd 3.4
openbsd openbsd 3.3
CVE-2004-1082 HIGH

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya communication_manager 1.3.1
sun solaris 9.0
sco openserver 5.0.7
sun solaris 8.0
hp webproxy a.02.00
apache http_server 1.3.28
openbsd openbsd current
hp virtualvault 4.6
avaya communication_manager 1.1
apache http_server 1.3.17
apache http_server 1.3.19
avaya intuity_audix_lx *
apache http_server 1.3.7
hp virtualvault 4.7
apache http_server 1.3
apache http_server 1.3.25
apache http_server 1.3.18
apache http_server 1.3.14
hp virtualvault 4.5
apache http_server 1.3.6
sun sunos 5.8
apache http_server 1.3.29
apache http_server 1.3.12
apache http_server 1.3.24
apache http_server 1.3.9
ibm http_server 1.3.19
avaya modular_messaging_message_storage_server 2.0
hp webproxy a.02.10
sco openserver 5.0.6
apple apache_mod_digest_apple *
apache http_server 1.3.20
avaya mn100 *
avaya modular_messaging_message_storage_server 1.1
openbsd openbsd 3.5
avaya network_routing *
openbsd openbsd 3.4
apache http_server 1.3.3
apache http_server 1.3.23
avaya communication_manager 2.0.1
apache http_server 1.3.4
apache http_server 1.3.27
apache http_server 1.3.11
apache http_server 1.3.22
apache http_server 1.3.26
apache http_server 1.3.1
avaya communication_manager 2.0
CVE-2004-1471 HIGH

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.2.4
freebsd freebsd 2.1.7.1
freebsd freebsd 4.5
cvs cvs 1.11.15
freebsd freebsd 2.2.2
freebsd freebsd 2.2.5
cvs cvs 1.12.7
freebsd freebsd 2.1.0
freebsd freebsd 2.2.6
freebsd freebsd 5.2
freebsd freebsd 4.6.2
cvs cvs 1.11.1
cvs cvs 1.11.2
freebsd freebsd 4.6
cvs cvs 1.11.4
freebsd freebsd 3.1
freebsd freebsd 4.4
freebsd freebsd 5.2.1
cvs cvs 1.12.8
cvs cvs 1.12.1
freebsd freebsd 2.1.6
openpkg openpkg current
cvs cvs 1.10.8
openbsd openbsd 3.5
freebsd freebsd 5.1
cvs cvs 1.11
freebsd freebsd 2.2.3
freebsd freebsd 4.7
sgi propack 2.4
freebsd freebsd 4.1
freebsd freebsd 4.2
cvs cvs 1.11.5
cvs cvs 1.11.16
freebsd freebsd 4.0
cvs cvs 1.11.1_p1
gentoo linux 1.4
openbsd openbsd current
cvs cvs 1.11.3
cvs cvs 1.11.6
freebsd freebsd 2.1.5
freebsd freebsd 3.4
cvs cvs 1.12.5
freebsd freebsd 2.0
freebsd freebsd 1.1.5.1
freebsd freebsd 4.10
freebsd freebsd 2.2
freebsd freebsd 3.5.1
freebsd freebsd 3.0
freebsd freebsd 5.0
cvs cvs 1.10.7
cvs cvs 1.11.14
freebsd freebsd 4.3
freebsd freebsd 3.3
freebsd freebsd 4.1.1
freebsd freebsd 2.2.8
freebsd freebsd 3.5
cvs cvs 1.11.10
freebsd freebsd 4.9
freebsd freebsd 2.1.6.1
openpkg openpkg 1.3
freebsd freebsd 4.8
openbsd openbsd 3.4
freebsd freebsd 3.2
openpkg openpkg 2.0
freebsd freebsd 2.0.5
cvs cvs 1.12.2
sgi propack 3.0
cvs cvs 1.11.11
CVE-2004-1653 MEDIUM

The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2004-1799 HIGH

PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.2
openbsd openbsd 3.0
openbsd openbsd 3.4
openbsd openbsd 3.3
openbsd openbsd 3.1
CVE-2004-2069 MEDIUM

sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 3.7.1p2
openbsd openssh 3.6.1p2
CVE-2004-2163 HIGH

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.2
openbsd openbsd 3.5
openbsd openbsd 3.4
CVE-2004-2230 LOW

Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.6
openbsd openbsd 3.5
openbsd openbsd 3.4
CVE-2004-2338 HIGH

OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.4
openbsd openbsd 3.3
CVE-2004-2760 MEDIUM

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
openbsd openssh 3.5
openbsd openssh 3.5p1
CVE-2005-0356 MEDIUM

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cisco sn_5420_storage_router_firmware 1.1(3)
cisco sn_5420_storage_router *
cisco secure_access_control_server 3.0
cisco intelligent_contact_manager 5.0
freebsd freebsd 4.5
cisco webns 7.10_(05.07)s
cisco ciscoworks_cd1 2nd
cisco ciscoworks_access_control_list_manager 1.5
freebsd freebsd 2.2.5
freebsd freebsd 2.1.0
freebsd freebsd 2.2.6
cisco aironet_ap350 *
cisco mgx_8250 1.2.11
yamaha rt57i *
hitachi gs4000 *
cisco unity_server 2.0
cisco webns 7.30_(00.08)s
nortel callpilot 200i
cisco secure_access_control_server 3.2.1
nortel ethernet_routing_switch_1624 *
cisco web_collaboration_option *
f5 tmos 4.5.10
cisco ciscoworks_cd1 5th
cisco sn_5428_storage_router 2-3.3.2-k9
cisco webns 7.30_(00.09)s
cisco ciscoworks_lms 1.3
microsoft windows_xp *
cisco sn_5428_storage_router 3.2.2-k9
hitachi gr4000 *
cisco unity_server 2.1
microsoft windows_2003_server r2
freebsd freebsd 4.7
freebsd freebsd 4.1
cisco agent_desktop *
freebsd freebsd 4.0
cisco content_services_switch_11503 *
freebsd freebsd 5.3
yamaha rt250i *
cisco mgx_8230 1.2.11
alaxala alaxala_networks ax5400s
cisco sn_5420_storage_router_firmware 1.1(2)
cisco secure_access_control_server 3.2.2
cisco unity_server 2.4
cisco e-mail_manager *
cisco sn_5428_storage_router 2-3.3.1-k9
cisco interactive_voice_response *
freebsd freebsd 4.10
f5 tmos 4.5.9
cisco call_manager 2.0
nortel universal_signaling_point compact_lite
f5 tmos 4.4
microsoft windows_2003_server standard_64-bit
freebsd freebsd 5.0
cisco secure_access_control_server 2.3
cisco content_services_switch_11506 *
cisco call_manager 3.3(3)
cisco call_manager 3.0
cisco unity_server 2.3
f5 tmos 9.0.4
freebsd freebsd 4.9
cisco mgx_8230 1.2.10
cisco mgx_8250 1.2.10
freebsd freebsd 3.2
freebsd freebsd 2.0.5
cisco aironet_ap1200 *
f5 tmos 4.6.2
nortel callpilot 703t
freebsd freebsd 2.1.7.1
cisco personal_assistant 1.3(2)
alaxala alaxala_networks ax7800r
cisco ciscoworks_cd1 3rd
freebsd freebsd 2.2.2
f5 tmos 4.0
f5 tmos 9.0
cisco unity_server 3.0
f5 tmos 4.5.12
freebsd freebsd 3.1
cisco secure_access_control_server 2.3.5.1
cisco secure_access_control_server 3.1.1
cisco ciscoworks_cd1 1st
freebsd freebsd 4.4
nortel 7220_wlan_access_point *
cisco ciscoworks_vpn_security_management_solution *
nortel business_communications_manager 200
cisco ciscoworks_common_management_foundation 2.0
yamaha rtx1000 *
f5 tmos 9.0.1
cisco sn_5428_storage_router 3.2.1-k9
cisco secure_access_control_server 2.0
cisco secure_access_control_server 3.2(3)
cisco ciscoworks_cd1 4th
openbsd openbsd 3.5
cisco ciscoworks_1105_hosting_solution_engine *
cisco ip_contact_center_enterprise *
cisco personal_assistant 1.3(4)
nortel callpilot 702t
microsoft windows_2000 *
cisco secure_access_control_server 2.5
nortel contact_center *
cisco ciscoworks_1105_wireless_lan_solution_engine *
cisco secure_access_control_server 3.1
openbsd openbsd 3.2
nortel ethernet_routing_switch_1612 *
nortel universal_signaling_point 5200
freebsd freebsd 1.1.5.1
yamaha rt300i *
nortel 7250_wlan_access_point *
cisco content_services_switch_11000 *
cisco call_manager 3.1
cisco ip_contact_center_express *
freebsd freebsd 4.3
freebsd freebsd 3.5
cisco secure_access_control_server 2.6.4
cisco secure_access_control_server 3.0.1
freebsd freebsd 4.8
cisco unity_server 2.2
yamaha rtx2000 *
openbsd openbsd 3.4
cisco unity_server 3.2
cisco webns 7.20_(03.10)s
openbsd openbsd 3.6
freebsd freebsd 2.2.4
cisco sn_5420_storage_router_firmware 1.1.3
cisco remote_monitoring_suite_option *
hitachi alaxala ax
cisco content_services_switch_11501 *
freebsd freebsd 5.2
cisco call_manager 4.0
freebsd freebsd 5.4
microsoft windows_2003_server enterprise_64-bit
cisco ciscoworks_common_services 2.2
f5 tmos 4.5
freebsd freebsd 5.2.1
cisco secure_access_control_server 3.3
cisco secure_access_control_server 2.6.3
cisco ciscoworks_access_control_list_manager 1.6
nortel business_communications_manager 400
cisco sn_5420_storage_router_firmware 1.1(5)
nortel succession_communication_server_1000 *
freebsd freebsd 5.1
f5 tmos 9.0.2
cisco secure_access_control_server 2.6
cisco personal_assistant 1.3(1)
cisco call_manager 1.0
cisco personal_assistant 1.3(3)
freebsd freebsd 2.1.5
cisco content_services_switch_11800 *
cisco unity_server 3.3
nortel optical_metro_5100 *
microsoft windows_2003_server enterprise
cisco secure_access_control_server 2.42
cisco content_services_switch_11150 *
cisco call_manager 3.1(3a)
nortel optical_metro_5200 *
freebsd freebsd 2.2
f5 tmos 4.3
cisco ciscoworks_common_management_foundation 2.1
cisco conference_connection 1.2
cisco secure_access_control_server 3.3(1)
cisco content_services_switch_11050 *
freebsd freebsd 4.1.1
cisco secure_access_control_server 3.3.1
freebsd freebsd 2.2.8
freebsd freebsd 2.1.6.1
cisco sn_5420_storage_router_firmware 1.1(7)
yamaha rt105 *
freebsd freebsd 4.11
cisco secure_access_control_server 3.3.2
cisco conference_connection 1.1(1)
yamaha rtx1100 *
cisco ciscoworks_windows *
cisco unity_server 3.1
f5 tmos 9.0.3
freebsd freebsd 4.6.2
cisco sn_5428_storage_router 2.5.1-k9
f5 tmos 4.6
cisco call_manager 3.2
f5 tmos 4.2
freebsd freebsd 4.6
cisco secure_access_control_server 3.2(2)
cisco sn_5420_storage_router_firmware 1.1(4)
cisco secure_access_control_server 2.6.2
cisco call_manager 3.1(2)
cisco meetingplace *
openbsd openbsd 3.3
nortel ethernet_routing_switch_1648 *
freebsd freebsd 2.1.6
cisco support_tools *
yamaha rtx1500 *
openbsd openbsd 3.0
f5 tmos 9.0.5
microsoft windows_2003_server web
cisco webns 7.20_(03.09)s
nortel callpilot 201i
openbsd openbsd 3.1
cisco ciscoworks_windows_wug *
cisco sn_5428_storage_router 3.3.1-k9
microsoft windows_2003_server standard
freebsd freebsd 2.2.3
cisco personal_assistant 1.4(1)
nortel business_communications_manager 1000
cisco sn_5428_storage_router 3.3.2-k9
freebsd freebsd 4.2
cisco call_manager 3.3
cisco secure_access_control_server 2.3.6.1
cisco content_services_switch_11500 *
cisco secure_access_control_server 3.0.3
freebsd freebsd 3.4
cisco secure_access_control_server 2.4
freebsd freebsd 2.0
alaxala alaxala_networks ax7800s
f5 tmos 4.5.11
cisco unity_server 4.0
freebsd freebsd 3.5.1
freebsd freebsd 3.0
cisco ciscoworks_common_management_foundation 2.2
freebsd freebsd 3.3
cisco secure_access_control_server 3.2(1.20)
cisco secure_access_control_server 3.2(1)
nortel optical_metro_5000 *
yamaha rtv700 *
cisco unity_server 2.46
hitachi gr3000 *
nortel survivable_remote_gateway 1.0
cisco secure_access_control_server 3.2
cisco emergency_responder 1.1
cisco secure_access_control_server 2.1
cisco personal_assistant 1.4(2)
f5 tmos 4.5.6
CVE-2005-0637 MEDIUM

The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.6
openbsd openbsd 3.5
CVE-2005-0740 MEDIUM

The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 3.6
openbsd openbsd 2.3
openbsd openbsd 2.2
openbsd openbsd 3.3
openbsd openbsd 2.5
openbsd openbsd 2.9
openbsd openbsd 3.2
openbsd openbsd 2.0
openbsd openbsd 2.8
openbsd openbsd 2.6
openbsd openbsd 3.5
openbsd openbsd 3.0
openbsd openbsd 3.4
openbsd openbsd 2.1
openbsd openbsd 3.1
openbsd openbsd 2.7
CVE-2005-0960 MEDIUM

Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c OpenBSD 3.5 and 3.6 allow remote attackers to cause a denial of service (memory exhaustion or system crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.6
openbsd openbsd 3.5
CVE-2005-2666 LOW

SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
openbsd openssh 3.2
openbsd openssh 3.0.1
openbsd openssh 3.0.1p1
openbsd openssh 3.6.1p2
openbsd openssh 3.1p1
openbsd openssh 3.9
openbsd openssh 3.0.2p1
openbsd openssh 3.1
openbsd openssh 3.0
openbsd openssh 3.0p1
openbsd openssh 3.3p1
openbsd openssh 3.7.1
openbsd openssh 3.8.1p1
openbsd openssh 3.9.1
openbsd openssh 3.8
openbsd openssh 3.2.3p1
openbsd openssh 3.3
openbsd openssh 3.4p1
openbsd openssh 3.7.1p2
openbsd openssh 3.6.1p1
openbsd openssh 3.5
openbsd openssh 3.9.1p1
openbsd openssh 3.5p1
openbsd openssh 3.0.2
openbsd openssh 3.2.2p1
openbsd openssh 3.6
openbsd openssh 3.7
openbsd openssh 3.8.1
openbsd openssh 3.4
openbsd openssh 3.6.1
CVE-2005-2797 MEDIUM

OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 4.0
CVE-2005-2798 MEDIUM

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 3.2
openbsd openssh 3.0.1
openbsd openssh 4.0p1
openbsd openssh 3.0.1p1
openbsd openssh 3.6.1p2
openbsd openssh 3.1p1
openbsd openssh 3.9
openbsd openssh 3.0.2p1
openbsd openssh 3.1
openbsd openssh 3.0
openbsd openssh 3.0p1
openbsd openssh 3.3p1
openbsd openssh 3.7.1
openbsd openssh 3.8.1p1
openbsd openssh 3.9.1
openbsd openssh 3.8
openbsd openssh 3.2.3p1
openbsd openssh 3.3
openbsd openssh 3.4p1
openbsd openssh 3.7.1p2
openbsd openssh 3.6.1p1
openbsd openssh 3.5
openbsd openssh 3.9.1p1
openbsd openssh 4.1p1
openbsd openssh 3.5p1
openbsd openssh 3.0.2
openbsd openssh 3.2.2p1
openbsd openssh 3.6
openbsd openssh 3.7
openbsd openssh 3.8.1
openbsd openssh 3.4
openbsd openssh 3.6.1
CVE-2005-4351 MEDIUM

The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel *
dragonfly dragonfly *
openbsd openbsd *
freebsd freebsd *
freebsd freebsd 7.0
CVE-2006-0098 MEDIUM

The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.7
openbsd openbsd 3.8
CVE-2006-0225 MEDIUM

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh 3.2
openbsd openssh 3.0.1
openbsd openssh 4.0p1
openbsd openssh 3.0.1p1
openbsd openssh 3.6.1p2
openbsd openssh 3.1p1
openbsd openssh 3.9
openbsd openssh 3.0.2p1
openbsd openssh 3.1
openbsd openssh 3.0
openbsd openssh 3.0p1
openbsd openssh 3.3p1
openbsd openssh 3.7.1
openbsd openssh 3.8.1p1
openbsd openssh 3.9.1
openbsd openssh 3.8
openbsd openssh 3.2.3p1
openbsd openssh 3.3
openbsd openssh 3.4p1
openbsd openssh 3.7.1p2
openbsd openssh 3.6.1p1
openbsd openssh 3.5
openbsd openssh 3.9.1p1
openbsd openssh 4.1p1
openbsd openssh 3.5p1
openbsd openssh 3.0.2
openbsd openssh 3.2.2p1
openbsd openssh 3.6
openbsd openssh 3.7
openbsd openssh 4.2p1
openbsd openssh 3.8.1
openbsd openssh 3.4
openbsd openssh 3.6.1
CVE-2006-0883 MEDIUM

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openbsd openssh 3.8.1p1
freebsd freebsd 5.3
freebsd freebsd 5.4
CVE-2006-5051 HIGH

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
openbsd openssh *
apple mac_os_x_server *
debian debian_linux 3.1
apple mac_os_x *
CVE-2006-6397 MEDIUM

Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 6.2
netbsd netbsd 2.0.4
openbsd openbsd *
CVE-2007-6700 MEDIUM

Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openbsd openbsd 4.1
CVE-2008-4109 MEDIUM

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
openbsd openssh 3.2
openbsd openssh 2.3
openbsd openssh 3.0.1
openbsd openssh 2.1
openbsd openssh 3.0.1p1
openbsd openssh 3.6.1p2
openbsd openssh 2.9p2
openbsd openssh 2
openbsd openssh 1.2.3
openbsd openssh 2.5.2
openbsd openssh 2.9.9
openbsd openssh 4.4
openbsd openssh 3.7.1
openbsd openssh 3.8.1p1
openbsd openssh 3.8
openbsd openssh 3.4p1
openbsd openssh 3.7.1p1
openbsd openssh 1.2
openbsd openssh 2.3.1
openbsd openssh 4.1
openbsd openssh 4.2
openbsd openssh 4.1p1
openbsd openssh 3.5p1
openbsd openssh 4.4p1
openbsd openssh 3.6
openbsd openssh 3.7
openbsd openssh 4.2p1
openbsd openssh 3.8.1
openbsd openssh 1.2.1
openbsd openssh 4.0p1
openbsd openssh 2.9.9p2
openbsd openssh 4.0
openbsd openssh 2.9
openbsd openssh 1.5
openbsd openssh 3.1p1
openbsd openssh 1.2.2
openbsd openssh 4.3p1
openbsd openssh 2.2
openbsd openssh 3.9
openbsd openssh 3.0.2p1
openbsd openssh 3.1
openbsd openssh 3.0
openbsd openssh 3.0p1
openbsd openssh 3.3p1
openbsd openssh 4.3p2
openbsd openssh 3.9.1
openbsd openssh 3.2.3p1
openbsd openssh 3.3
openbsd openssh 3.7.1p2
openbsd openssh *
openbsd openssh 3.6.1p1
openbsd openssh 3.5
openbsd openssh 1.3
openbsd openssh 2.1.1
openbsd openssh 2.9p1
openbsd openssh 1.5.8
openbsd openssh 1.2.27
openbsd openssh 3.9.1p1
openbsd openssh 3.2.2
openbsd openssh 4.3
openbsd openssh 3.0.2
openbsd openssh 3.2.2p1
openbsd openssh 2.5.1
openbsd openssh 2.5
openbsd openssh 3.4
openbsd openssh 3.6.1
openbsd openssh 1.5.7
CVE-2008-4609 HIGH

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
cisco ios 12.1(6)ea1a
cisco ios 12.3(3i)
cisco ios 12.2xd
cisco ios 12.2sx
cisco ios 12.2(4)t1
cisco ios 12.0(16)w5(21)
cisco ios 12.2(3d)
cisco ios 12.2yj
cisco ios 12.3xj
linux linux_kernel 2.6.12.4
linux linux_kernel 2.5.20
cisco ios 11.0
cisco ios 12.2f
cisco ios 12.0(7)xk3
linux linux_kernel 2.6.21.4
cisco ios 12.3(8)yi3
cisco ios 12.1(3)dc2
cisco ios 12.0xc
cisco ios 11.2(8)p
cisco ios 11.2(15a)p
cisco ios 12.3(2)ja
freebsd freebsd 1.1.5
cisco ios 12.0(7)t
cisco ios 12.2(6c)
freebsd freebsd 2.2.1
cisco catalyst_blade_switch_3120_firmware *
freebsd freebsd 4.7
cisco ios 12.2(13)t
cisco ios 12.0(8)
linux linux_kernel 2.4.20
linux linux_kernel 2.6.13.5
cisco ios 12.2yd
cisco ios 11.2(16)p
cisco ios 12.1(20)e2
cisco ios 12.2(18)s10
freebsd freebsd 5.3
cisco ios 12.0(10a)
netbsd netbsd 1.6
cisco ios 11.3wa4
cisco ios 12.0(7)dc1
cisco ios 12.3yu
cisco ios 12.3(7)ja1
cisco ios 12.2ys
freebsd freebsd 4.10
cisco ios 12.3(11)t5
cisco ios 12.0(15)sl
cisco ios 12.1(22)e1
cisco ios 12.3(9a)bc
cisco ios 12.0xk
cisco ios 12.2(2)xu2
cisco ios 12.3xi
cisco ios 12.0(10)w5
cisco ios 12.1(6.5)ec3
cisco ios 12.3(1a)
cisco ios 12.1(5)yh3
cisco ios 12.3yj
cisco ios 12.2(26)sv1
linux linux_kernel 2.0.21
linux linux_kernel 2.4.21
cisco ios 12.2(27)sv1
cisco ios 12.1(7)ec
linux linux_kernel 2.6.11.5
freebsd freebsd 2.0.5
cisco ios 12.3(2)xe4
cisco ios 12.2(20)ewa2
cisco ios 12.2s
cisco ios 12.0(19)st
cisco ios 12.1(20)e5
cisco ios 12.3t
cisco ios 12.1(4)ea1e
cisco ios 12.2(11)t2
cisco ios 12.2(4)ya11
linux linux_kernel 2.6.11.2
linux linux_kernel 2.5.55
cisco ios 12.1ez
cisco ios 12.2(14)su2
cisco ios 12.3(15)
cisco ios 12.3(11)ys1
linux linux_kernel 2.3.50
cisco ios 12.1(8)ea2b
cisco ios 12.3(8)yg1
linux linux_kernel 2.5.27
cisco ios 12.0(19)st6
cisco ios 12.3(4)t2
linux linux_kernel 2.6.18.7
cisco ios 12.1(4)xm4
cisco ios 12.1(20)e1
freebsd freebsd 4.4
cisco ios 11.1(36)cc2
cisco ios 12.2(11)t9
cisco ios 12.0(30)s4
cisco ios 12.2(4)ya8
cisco ios 12.2(18)sxd5
linux linux_kernel 2.6.16.51
cisco ios 12.1(4)db2
cisco ios 4.1.1
cisco ios 12.1(5)db1
cisco ios 12.3(4)xg5
cisco ios 11.2bc
cisco ios 11.2(19)gs0.2
cisco ios 11.2(8)
cisco ios 11.2(26e)
cisco ios 12.1(2b)
cisco ios 12.2(17)zd3
cisco ios 12.0wx
linux linux_kernel 2.4.8
cisco ios 12.0(16)sc3
cisco ios 12.2(4)ya9
cisco ios 12.3jea
cisco ios 12.1xa
cisco ios 12.1(8a)ew1
cisco ios 12.3ja
cisco ios 12.2(23)
cisco ios 12.2(10.5)s
linux linux_kernel 2.3.22
cisco ios 12.2ewa
linux linux_kernel 2.0.7
netbsd netbsd 1.0
cisco ios 11.1(24b)
cisco ios 12.2(15)bc2h
cisco ios 12.2fy
cisco ios 12.0(11a)
cisco ios 12.3xq
linux linux_kernel 2.0.25
linux linux_kernel 2.5.16
cisco ios 12.0(4)xe1
linux linux_kernel 2.4.0
cisco ios 12.3xg
cisco ios 12.2
cisco ios 12.2(11)yv
cisco ios 11.2(15b)
cisco ios 12.2(20)s
linux linux_kernel 2.3.45
linux linux_kernel 2.5.18
cisco ios 12.3(5a)
microsoft windows_server_2008 -
linux linux_kernel 2.0.12
cisco ios 12.3(4)tpc11a
cisco ios 12.3xx
cisco ios 12.0dc
cisco ios 12.2xl
cisco ios 12.0(8.3)sc
cisco ios 12.2(17b)sxa
linux linux_kernel 2.6.16.39
cisco ios 12.0(7)xk
cisco ios 12.0(25)w5(27c)
freebsd freebsd 5.4
cisco ios 12.2(18)ew5
cisco ios 12.3(4)xk3
cisco ios 11.0(18)
linux linux_kernel 2.4.27
cisco ios 12.0st
cisco ios 12.0(21)sx
cisco ios 12.3(13b)
cisco ios 12.1(20)ew
cisco ios 12.0(18b)
netbsd netbsd 1.3.3
cisco ios 12.2(15)bc2i
cisco ios 12.2(4)xw
linux linux_kernel 2.3.34
cisco ios 12.1(5c)e12
linux linux_kernel 2.4.24
cisco ios 12.1ev
cisco ios 12.2(13)t1
cisco ios 12.2(13)zf
freebsd freebsd 2.2.7
cisco ios 12.2(7)da
cisco ios 12.0(5)xu
cisco ios 12.0(28)s3
cisco ios 12.2(13)zd4
cisco ios 12.0(10)
linux linux_kernel 2.6.16.14
linux linux_kernel 2.6.16.5
cisco ios 12.0(14)s7
cisco ios 12.1(20)ea1a
freebsd freebsd 1.5
cisco ios 12.0(7)t2
linux linux_kernel 2.6.16.43
cisco ios 12.3(7)jx
cisco ios 12.2sy
cisco ios 12.1(20)eo1
cisco ios 12.2(2)xr
cisco ios 12.3(7)xr3
linux linux_kernel 2.6.22
linux linux_kernel 2.5.42
cisco ios 12.0(3.3)s
cisco ios 12.2(1.4)s
cisco ios 12.0(20)st7
cisco ios 12.1(5e)
cisco ios 12.2(12)
linux linux_kernel 2.0.13
cisco ios 11.0(20.3)
cisco ios 12.2(16)b
cisco ios 12.2xe
cisco ios 12.2(15)t9
cisco ios 12.2(1)xd3
linux linux_kernel 2.2.14
cisco ios 12.2(24)sv1
cisco ios 12.1(5)xr2
cisco ios 12.2(5)ca1
cisco ios 12.2(2)b
cisco ios 12.3(14)t
cisco ios 12.2(1)xe3
cisco ios 12.2(15)mc2c
cisco ios 12.1(19.3)e
cisco ios 12.3(6e)
cisco ios 12.3(9d)
cisco ios 11.2(4)xa
cisco ios 12.2so
cisco ios 12.1(3)xq
linux linux_kernel 2.6.16.15
cisco ios 12.1(4)xz7
cisco ios 12.3(7)t8
openbsd openbsd 2.5
cisco ios 12.0(15)s6
linux linux_kernel 2.5.7
cisco ios 12.4(3b)
cisco ios 12.2(2)xh3
cisco ios 12.2(13)zk
linux linux_kernel 2.6.11.12
freebsd freebsd 2.2.3
cisco ios 12.1(20)e3
cisco ios 12.1db
linux linux_kernel 2.5.62
cisco ios 12.4(5b)
cisco ios 12.1(5a)e
cisco ios 12.2xj
cisco ios 12.2(15)bc1f
cisco ios 12.3(4)xk4
linux linux_kernel 2.6.16.20
cisco ios 12.2mc
cisco ios 12.2zh
cisco ios 12.2(14)s14
cisco ios 12.0(14)w5(20)
cisco ios 12.2(15)zj3
cisco ios 12.2(15)zl1
linux linux_kernel 2.3.2
cisco ios 12.1eo
cisco ios 12.3yr
linux linux_kernel 2.5.57
linux linux_kernel 2.3.0
cisco ios 12.3jx
cisco ios 12.0(27)s1
linux linux_kernel 2.6.18.0
cisco ios 12.2(14)sz1
cisco ios 12.1(8b)ex4
cisco ios 12.3(8)ja1
cisco ios 12.1(8b)e18
cisco ios 12.2(4)ya10
cisco ios 12.3(11)yr
cisco ios 9.1
cisco ios 12.0(21)s3
cisco ios 12.2dx
cisco ios 12.4t
cisco ios 12.1xx
linux linux_kernel 2.6.17.2
cisco ios 12.1gb
linux linux_kernel 2.3.47
cisco ios 12.0(21)st6
cisco ios 12.1xt
cisco ios 12.2(25)s4
cisco ios 12.2(15)jk4
cisco ios 12.0xp
linux linux_kernel 2.5.9
cisco ios 12.2(18)ew2
cisco ios 12.1(7b)
cisco ios 12.3(15b)
cisco ios 12.1(11)ec
linux linux_kernel 2.3.10
cisco ios 12.3yd
cisco ios 12.2(15)bc1
cisco ios 12.2(25)ey2
cisco ios 12.2(13e)
cisco ios 12.2(4)t
linux linux_kernel 2.6.16.6
cisco ios 12.1(14)e4
cisco ios 12.2(25)seb4
cisco ios 12.1(13)ew
cisco ios 11.2(26)p5
cisco ios 12.1(12)e
openbsd openbsd 3.8
cisco ios 12.2yx
cisco ios 12.2(13a)
linux linux_kernel 2.2.17
cisco ios 12.1(8b)e16
cisco ios 12.1(22)eb
cisco ios 12.0(6)
linux linux_kernel 2.6.17.14
cisco ios 12.2(29a)
linux linux_kernel 2.3.7
cisco ios 12.2(15)zj2
cisco ios 12.4xc
cisco ios 12.0(17)sl6
linux linux_kernel 2.6.16.12
linux linux_kernel 2.6.13.3
linux linux_kernel 2.4.4
cisco ios 12.3(7)t10
cisco ios 12.1(2)xf
netbsd netbsd 3.0.1
cisco ios 12.1xs
cisco ios 12.2(4)ja1
cisco ios 12.4xa
cisco ios 12.2(13)t9
cisco ios 12.0(5.1)xp
linux linux_kernel 2.6.11.11
cisco ios 12.0(19a)
cisco ios 12.0xi
cisco ios 12.1xz
cisco ios 12.2(14.5)t
cisco ios 12.2xu
cisco ios 12.4ja
cisco ios 12.2(13)zh8
freebsd freebsd 1.1
linux linux_kernel 2.2.0
cisco ios 12.1(22)ea4a
cisco ios 12.2(13)ja1
cisco ios 12.3tpc
cisco ios 12.2xi
cisco ios 12.2(15)t8
cisco ios 12.1(19)e1
microsoft windows_2000 -
cisco ios 12.1(5)xm7
linux linux_kernel 2.3.25
linux linux_kernel 2.5.53
linux linux_kernel 2.3.39
cisco ios 12.0(26)w5(28a)
cisco ios 12.0(25)s1
cisco ios 12.2(12.05)s
cisco ios 12.2(1)
cisco ios 12.2(15)t5
linux linux_kernel 2.5.43
cisco ios 12.1(23)e4
cisco ios 12.2yk
cisco ios 11.1(28a)ct
cisco ios 12.1(11.5)e
linux linux_kernel 2.3.32
cisco ios 10.3(19a)
cisco ios 12.0(10)w5(18g)
cisco ios 12.2(13)zh3
cisco ios 12.2mb
linux linux_kernel 2.5.46
cisco ios 12.1(5)xm
cisco ios 11.2(16)
cisco ios 12.0(2)xc
cisco ios 12.0(5)wc5a
cisco ios 12.1(5)da1
cisco ios 12.2(12b)
cisco ios 8.2
cisco ios 12.1(4)xz
cisco ios 12.2(2)xi1
cisco ios 12.3(8)yf
cisco ios 12.1(19)fc1
linux linux_kernel 2.3.48
bsd bsd 4.2
cisco ios 12.2(12)da8
cisco ios 12.0xb
cisco ios 12.1(5)ya
cisco ios 12.1(6)ea1
cisco ios 12.1(22)ea3
cisco ios 12.0(5)t1
cisco ios 12.3bc
linux linux_kernel 2.0.20
cisco ios 12.2(2)xj
cisco ios 12.3xz
cisco ios 12.0(19)st2
cisco ios 12.3(2)xc4
cisco ios 12.1xe
cisco ios 12.2(14)sz2
linux linux_kernel 2.5.36
cisco ios 12.2zf
linux linux_kernel 2.5.32
cisco ios 12.3xd
linux linux_kernel 2.6.17.11
cisco ios 11.0(12)
cisco ios 12.0xq
cisco ios 12.1(5)xu1
cisco ios 12.0(9a)
cisco ios 12.0(18)s5a
cisco ios 12.3(7)t
linux linux_kernel 2.6.18.8
cisco ios 12.1(10)e4
cisco ios 12.1(6)
cisco ios 12.1(19)ew3
cisco ios 12.2(7c)
linux linux_kernel 2.6.11.3
cisco ios 12.1(3)xt3
cisco ios 12.2zi
linux linux_kernel 2.6.22.7
cisco ios 12.0xr
cisco ios 12.3yl
linux linux_kernel 2.6.21.1
cisco ios 12.3(7)xi4
cisco ios 11.2(18)
cisco ios 12.0xg
cisco ios 12.1az
cisco ios 12.1(5)xm4
linux linux_kernel 2.5.60
cisco ios 12.3(4)t3
cisco ios 12.2zj
cisco ios 12.1(20)e
cisco ios 12.2(20)s2
freebsd freebsd 2.0.1
linux linux_kernel 2.6.17.7
linux linux_kernel 2.4.35
cisco ios 12.0(4)s
cisco ios 12.4xn
cisco ios 12.0s
cisco ios 12.1(3a)t7
cisco ios 12.2(1)xh
dragonflybsd dragonflybsd 1.1
cisco ios 12.2(12)da9
cisco ios 12.1(27b)
bsd bsd 4.1
cisco ios 12.2xn
cisco ios 12.3(4)ja1
cisco ios 12.2(18)sv
cisco ios 12.2sv
cisco ios 12.3(8)t4
cisco ios 12.2(15)zj1
cisco ios 12.2(20)s4
cisco ios 12.0(7)xe2
cisco ios 12.1(4)dc2
cisco ios 12.2zp
cisco ios 12.2(25)sw3a
cisco ios 11.3
cisco ios 12.1(2)xf4
linux linux_kernel 2.3.20
cisco ios 12.3(11)yf2
netbsd netbsd 2.0
cisco ios 10.3(3.3)
linux linux_kernel 2.5.37
cisco ios 12.0(16)s8
linux linux_kernel 2.3.43
cisco ios 12.0(23)s4
cisco ios 12.0(28)s5
cisco ios 12.2yc
cisco ios 12.1(5)xg5
cisco ios 12.3(11)ys
linux linux_kernel 2.3.38
cisco ios 12.2(4)b2
cisco ios 12.2pb
cisco ios 12.3xv
cisco ios 12.0(25)w5-27d
cisco ios 12.2(1b)
cisco ios 12.2ez
cisco ios 12.0(2)xe
linux linux_kernel 2.4.6
cisco ios 12.1(13)
openbsd openbsd 3.1
linux linux_kernel 2.5.3
cisco ios 12.1(5)xy6
cisco ios 12.1(10a)
cisco ios 12.3(7)t12
cisco ios 12.2(4)mx1
linux linux_kernel 2.6.18
cisco ios 12.1(9)aa
cisco ios 12.0(15a)
cisco ios 11.3(8)t1
cisco ios 12.3(8)ja
cisco ios 12.1ey
netbsd netbsd 4.0
cisco ios 12.3(4)xg2
linux linux_kernel 2.6.16.33
cisco ios 12.1(10)ec1
cisco ios 12.2(12m)
bsdi bsd_os 2.0
cisco ios 11.1(9)ia
cisco ios 12.2(14)s13
linux linux_kernel 2.6.22.3
cisco ios 12.0(5)xk2
cisco ios 9.14
cisco ios 12.2(2)bx
cisco ios 12.4md
cisco ios 12.1(5)yh
cisco ios 12.0(20)sx
cisco ios 12.2(20)ewa
linux linux_kernel 2.6.17.6
linux linux_kernel 2.2.7
cisco ios 12.1(10)e
cisco ios 12.4(3d)
cisco ios 12.0(3)
cisco ios 12.3(4)xk
freebsd freebsd 5.5
netbsd netbsd 1.5.3
cisco ios 12.1(4a)
openbsd openbsd 2.2
cisco ios 12.3(14)t4
linux linux_kernel 2.0.39
dragonflybsd dragonflybsd 1.2
linux linux_kernel 2.6.12.5
cisco ios 12.0(1)
cisco ios 12.2(25)ewa4
linux linux_kernel 2.2.18
cisco ios 11.3na
cisco ios 12.1(8b)e8
linux linux_kernel 2.5.29
cisco ios 12.2zc
cisco ios 12.2(2)yc
cisco ios 12.2mx
cisco ios 12.0(16)st1
linux linux_kernel 2.4.26
cisco ios 12.1(3)xt
cisco ios 12.3(11)yf3
netbsd netbsd 3.1
cisco ios 12.3(4)xd1
cisco ios 11.2gs
linux linux_kernel 2.5.11
linux linux_kernel 2.6.16.34
linux linux_kernel 2.5.48
cisco ios 11.3(11b)t2
cisco ios 12.2(24)sv
freebsd freebsd -
cisco ios 12.1yh
cisco ios 12.1(20)ec2
cisco ios 12.3(12e)
linux linux_kernel 2.5.6
cisco ios 12.0(26)s1
linux linux_kernel 2.3.42
cisco ios 12.3(8)t8
cisco ios 12.1(3a)t4
openbsd openbsd 4.2
cisco ios 12.2yn
cisco ios 12.3(10e)
cisco ios 12.1(7)da3
cisco ios 12.4xl
cisco ios 12.0(05)wc8
cisco ios 12.0t
cisco ios 12.0(1)xa3
netbsd netbsd 2.0.4
cisco ios 12.0(3.2)
cisco ios 11.1(13)
cisco ios 12.2(18)sxe3
cisco ios 11.2wa4
linux linux_kernel 2.6.17.5
cisco ios 12.1ga
freebsd freebsd 4.9
linux linux_kernel 2.6.15.6
linux linux_kernel 2.6.16.40
cisco ios 12.4mr
cisco ios 11.3(1)
cisco ios 12.2(22)s2
cisco ios 12.0(3.4)t
cisco ios 11.2(4)f
cisco ios 12.2(2)t
cisco ios 12.2(15)jk2
linux linux_kernel 2.2.12
netbsd netbsd 1.4.2
cisco ios 12.0(7)wx5(15a)
linux linux_kernel 2.0.35
linux linux_kernel 2.2.3
cisco ios 12.1s
cisco ios 12.1(6)ea2c
cisco ios 12.1(8)ea
cisco ios 12.0(16.06)s
dragonflybsd dragonflybsd 1.10.1
openbsd openbsd 4.1
linux linux_kernel 2.5.4
cisco ios 12.0sc
linux linux_kernel 2.6.20.4
cisco ios 12.2(17)a
linux linux_kernel 2.4.33.3
linux linux_kernel 2.1
linux linux_kernel 2.5.52
cisco ios 11.2p
cisco ios 11.1(36)ca4
cisco ios 12.2sbc
netbsd netbsd 2.1
linux linux_kernel 2.6.20.9
netbsd netbsd 3.0.2
cisco ios 12.0(22)s4
cisco ios 12.3xb
cisco ios 11.1(24c)
linux linux_kernel 2.4.1
cisco ios 11.2wa3
cisco ios 12.3xe
cisco ios 12.2(15)t16
cisco ios 12.2(13)zj
cisco ios 12.2yo
linux linux_kernel 2.6.5
cisco ios 12.3yz
cisco ios 12.3(12)
linux linux_kernel -
cisco ios 12.4xt
cisco ios 12.4(8)
cisco ios 12.2(17a)
cisco ios 12.0wc
cisco ios 12.2(15)zk
cisco ios 12.0xm
cisco ios 12.2(8)tpc10a
cisco ios 12.3(2)ja5
cisco ios 12.2(1)xd1
linux linux_kernel 2.3.15
cisco ios 12.3(4)xd2
cisco ios 12.0(9)s
cisco ios 11.2(8)sa1
cisco ios 12.0(3)t2
cisco ios 12.1(20)ew4
cisco ios 12.2t
cisco ios 12.3(6)
cisco ios 12.2(25)s3
linux linux_kernel 2.4.14
linux linux_kernel 2.2.8
cisco ios 12.2bx
cisco ios 12.3(4)t4
linux linux_kernel 2.5.28
cisco ios 12.4xf
freebsd freebsd 3.5
cisco ios 12.0(1)xe
cisco ios 12.1(5c)ex
cisco ios 12.1(7)da2
cisco ios 12.2(11)yp1
cisco ios 12.1(8)ea1b
openbsd openbsd 3.9
cisco ios 12.0(26)s
freebsd freebsd 4.8
cisco ios 12.1(19)e6
cisco ios 12.1(26)eb1
cisco ios 12.2(11)t8
linux linux_kernel 2.6.16.21
cisco ios 11.3ma
cisco ios 12.4(5)
freebsd freebsd 2.2.4
cisco ios 12.2(4)b3
cisco ios 12.3(14)yu1
cisco ios 12.0(7)xe
linux linux_kernel 2.4.35.2
cisco ios 12.3(4)eo1
linux linux_kernel 2.4.5
openbsd openbsd 2.8
cisco ios 12.2(12i)
linux linux_kernel 2.6.24
cisco ios 11.1(11)
linux linux_kernel 2.4.33
cisco ios 11.1(13)ca
cisco ios 12.3(7)t4
cisco ios 12.3(11)xl
cisco ios 12.0(22)s5
linux linux_kernel 2.3.33
cisco ios 12.0(16)s
cisco ios 12.3(2)t8
linux linux_kernel 2.3.23
cisco ios 11.2(15)g
cisco ios 11.3da
cisco ios 12.0(1)st
linux linux_kernel 2.3.18
linux linux_kernel 2.2.4
cisco ios 12.0(30)s1
cisco ios 12.3yk
cisco ios 12.3(8)yg
cisco ios 12.2sxe
linux linux_kernel 2.4.23
linux linux_kernel 2.6.16.35
linux linux_kernel 2.5.10
cisco ios 11.1(20)aa4
cisco ios 12.1ec
cisco ios 12.2(4)xm
microsoft windows_server_2003 -
cisco ios 12.0(26)s6
cisco ios 12.2(4)t6
cisco ios 12.1(12a)
cisco ios 12.0(14)st
cisco ios 12.1(5)yd2
cisco ios 12.2(10)da2
cisco ios 12.1(1)ex
linux linux_kernel 2.0.17
freebsd freebsd 2.2
cisco ios 12.1dc
cisco ios 12.1(5)yd
linux linux_kernel 2.2.19
linux linux_kernel 2.6.16.11
cisco ios 12.1(8)
cisco ios 12.2zm
linux linux_kernel 2.6.16.26
cisco ios 12.2(2)xk2
cisco ios 12.1(9)ex
cisco ios 12.0(2b)
openbsd openbsd 3.7
cisco ios 12.2(18)se
cisco ios 12.2(8)yy
cisco ios 12.0(8.0.2)s
cisco ios 12.2by
cisco ios 12.2(8)ja
cisco ios 12.0(8)s1
linux linux_kernel 2.4.2
linux linux_kernel 2.0.37
cisco ios 12.1(12)
cisco ios 12.1(13)e7
cisco ios 12.1xr
cisco ios 12.0xl
cisco ios 12.3(9a)bc7
linux linux_kernel 2.0.33
cisco ios 12.1(22)ea4
cisco ios 12.0(19)sl4
cisco ios 12.3(8)yi1
cisco ios 12.1(7)
cisco ios 12.3(11)t4
cisco ios 12.2(19)
cisco ios 12.2yb
cisco ios 12.1(9)
cisco ios 12.2sa
linux linux_kernel 2.6.12.12
cisco ios 12.2(1)t
freebsd freebsd 2.1.6
cisco ios 12.0(27)sv
cisco ios 11.1
cisco ios 12.1ya
cisco ios 12.2(13)t14
cisco ios 12.2(23a)
cisco ios 12.3(8)t9
cisco ios 12.2n
cisco ios 12.2(2)xc1
linux linux_kernel 2.0.3
cisco ios 12.2(28)
bsdi bsd_os 1.1
cisco ios 12.2(25)fx
cisco ios 12.0(5)wc2
cisco ios 12.2(15)zl
cisco ios 12.1(5)xv5
cisco ios 12.0(3d)
cisco ios 12.1(2)xf5
cisco ios 12.3(8)t7
cisco ios 12.1(10)ex
cisco ios 12.2(11)yx1
linux linux_kernel 2.0.27
bsdi bsd_os 3.1
freebsd freebsd 2.0
cisco ios 12.3ys
cisco ios 12.3xf
linux linux_kernel 2.0.4
cisco ios 12.2(21)
cisco ios 12.4xv
cisco ios 12.0(23)sz
cisco ios 12.1(12c)ev01
cisco ios 12.0da
linux linux_kernel 2.5.24
cisco ios 12.1(2)t
cisco ios 11.1(18)
cisco ios 12.1(19)e
cisco ios 11.1(5)
linux linux_kernel 2.6.18.5
cisco ios 12.3(13)
linux linux_kernel 2.4.25
cisco ios 12.2(15)bc2f
cisco ios 12.2(19)b
cisco ios 12.1(3a)e7
linux linux_kernel 2.4.13
cisco ios 12.2ja
linux linux_kernel 2.6.14.5
linux linux_kernel 2.2.21
linux linux_kernel 2.6.20.11
linux linux_kernel 2.5.12
cisco ios 12.0sy
cisco ios 12.0(5)wc
cisco ios 12.0(7.4)s
cisco ios 12.2(28c)
linux linux_kernel 2.0.24
linux linux_kernel 2.3.28
linux linux_kernel 2.3.46
cisco ios 12.0(21)s
linux linux_kernel 2.3.21
linux linux_kernel 2.6.11.9
cisco ios 12.1(18)
linux linux_kernel 2.6.22.4
netbsd netbsd 2.0.1
cisco ios 12.2(17d)sxb
cisco ios 12.0(28d)
cisco ios 12.1eb
cisco ios 12.2(6.8)t1a
cisco ios 12.2(4)mx
cisco ios 10.3
linux linux_kernel 2.2.16
cisco ios 12.1(22)ea5a
cisco ios 12.4xw
linux linux_kernel 2.6.16.8
linux linux_kernel 2.6.17.1
cisco ios 12.3xa
cisco ios 11.2(23a)bc1
cisco ios 11.1(14)
cisco ios 12.2(2)xi2
cisco ios 12.2(27b)
cisco ios 10.3(4.2)
linux linux_kernel 2.3.37
cisco ios 12.2(14)za8
cisco ios 12.0sx
cisco ios 12.2(23)sw
linux linux_kernel 2.6.16.45
cisco ios 12.3(7)xi3
cisco ios 12.2(2)dd3
cisco ios 12.3(7)t9
cisco ios 11.2(11)
cisco ios 12.2(7.4)s
cisco ios 12.2cy
cisco ios 12.0(28)w5(31a)
cisco ios 12.3(5b)
netbsd netbsd 1.3
cisco ios 11.3(11d)
cisco ios 12.3yt
linux linux_kernel 2.4.16
cisco ios 12.1(5)yi1
linux linux_kernel 2.0.1
cisco ios 12.0(28)w5-32a
cisco ios 12.2(9)s
cisco ios 12.3(14)ym4
cisco ios 12.0(18)s5
cisco ios 12.2ym
cisco ios 12.2zd
cisco ios 12.2(23.6)
cisco ios 12.1(5)yb
cisco ios 12.1(1.3)t
freebsd freebsd 3.2
cisco ios 12.2(18)sxd4
cisco ios 12.3(3h)
freebsd freebsd 2.1.7.1
linux linux_kernel 2.3.8
linux linux_kernel 2.5.39
linux linux_kernel 2.6.16.13
cisco ios 12.2xv
cisco ios 12.2(17d)
linux linux_kernel 2.3.19
linux linux_kernel 2.6.20.13
netbsd netbsd 1.6.1
linux linux_kernel 2.4.9
cisco ios 12.2(4)xw1
cisco ios 11.1(13)ia
cisco ios 12.1(9)ea
cisco ios 12.2(18)sxe1
cisco ios 12.2(25)ewa1
cisco ios 12.0(25.4)s1
linux linux_kernel 2.0.8
cisco ios 12.0(2)
cisco ios 12.1(6)ea2b
freebsd freebsd 7.0
cisco ios 12.4(4)t
linux linux_kernel 2.2.1
cisco ios 12.1(6)ey
linux linux_kernel 2.6.23.6
cisco ios 12.0xu
linux linux_kernel 2.3.51
cisco ios 12.0(10)s3b
cisco ios 12.1(2)e1
linux linux_kernel 2.6.11.4
cisco ios 12.2(2)xk
cisco ios 12.2(4)xl4
cisco ios 12.3(14)yq1
cisco ios 12.2(25)sv2
netbsd netbsd 2.0.3
cisco ios 12.3(4)xg1
linux linux_kernel 2.5.23
cisco ios 12.0
cisco ios 12.2(4)ya1
linux linux_kernel 2.6.16.38
cisco ios 12.1(8b)e20
cisco ios 12.0(31)s1
cisco ios 12.2(11)yz2
cisco ios 12.2(1)xa
cisco ios 12.0(24)s2
cisco ios 12.0(21)s7
cisco ios 12.2(15)bz
linux linux_kernel 2.3.24
cisco ios 12.3jec
cisco ios 12.3xw
cisco ios 12.0xv
cisco ios 12.2(25)sec2
linux linux_kernel 2.2.26
cisco ios 12.0(7)xv
cisco ios 12.2(1)xs1
cisco ios 12.2xg
cisco ios 12.0(24.2)s
cisco ios 12.4xb
linux linux_kernel 2.6.20.5
cisco ios 11.0(x)
cisco ios 12.0(19)sl
cisco ios 12.0xa
cisco ios 12.3yg
linux linux_kernel 2.6.16.3
linux linux_kernel 2.2.24
linux linux_kernel 2.2.20
openbsd openbsd 3.4
cisco ios 12.2(12)da3
linux linux_kernel 2.6.19.2
cisco ios 11.2(26)p2
cisco ios 12.1(3a)xi8
cisco ios 12.2(4)
cisco ios 12.2(8)t10
cisco ios 12.2su
cisco ios 12.2xs
cisco ios 12.2(15)b
cisco ios 12.1(7a)e6
cisco ios 11.2sa
cisco ios 12.0(5)wc11
linux linux_kernel 2.6.18.3
linux linux_kernel 2.4.11
cisco ios 12.3(11)yw
cisco ios 12.0xs
cisco ios 12.3(5c)
linux linux_kernel 2.6.22.5
cisco ios 12.3(9)
cisco ios 12.2(8)zb7
cisco ios 12.1(5)yf4
linux linux_kernel 2.0.26
cisco ios 12.1(3a)e8
cisco ios 12.1xh
openbsd openbsd 2.1
cisco ios 12.2(14.5)
cisco ios 12.0(23)s5
cisco ios 12.3(13a)bc1
linux linux_kernel 2.4.33.4
cisco ios 12.2bc
cisco ios 12.2yg
cisco ios 12.2(18)ewa
cisco ios 12.1(6)ez2
cisco ios 12.2(25)s6
cisco ios 12.1(4.3)t
cisco ios 12.1(9a)
cisco ios 12.2(6.8)t0a
cisco ios 12.2(11)yu
cisco ios 12.3j
linux linux_kernel 2.6.16.2
cisco ios 12.1xk
cisco ios 12.4(2)xb2
cisco ios 12.2(25)s1
linux linux_kernel 2.6.12.3
linux linux_kernel 2.6.16.7
cisco ios 12.0(8a)
linux linux_kernel 2.5.51
cisco ios 12.2(4)yb
linux linux_kernel 2.5.25
linux linux_kernel 2.0.36
cisco ios 12.1m
cisco ios 12.0(17)sl2
cisco ios 12.1(18.4)
microsoft windows_vista -
cisco ios 12.0(17)
cisco ios 12.2bz
linux linux_kernel 2.6.23.3
cisco ios 12.0(11)s6
cisco ios 12.1(12b)
cisco ios 11.3ha
cisco ios 12.2(14)sy03
cisco ios 12.4(2)t3
cisco ios 12.0(5)
cisco ios 12.3(11)yn
linux linux_kernel 2.4.28
cisco ios 12.1(1c)
cisco ios 12.3ye
linux linux_kernel 2.6.15.5
cisco ios 12.2(18)sxd7
cisco ios 12.4xj
cisco ios 12.0(15)s
freebsd freebsd 4.1.1
cisco ios 12.1(13)e12
cisco ios 12.1ax
cisco ios 12.3(14)t5
linux linux_kernel 2.5.61
cisco ios 12.1(20)ew1
cisco ios 12.2(2)xt3
cisco ios 12.3(4)xh
cisco ios 11.2(9)xa
cisco ios 12.0(10)s7
cisco ios 12.1(4)
netbsd netbsd 3.0
cisco ios 12.1(20)ec1
cisco ios 12.3(2)xa5
linux linux_kernel 2.4.10
cisco ios 12.1(4)db1
freebsd freebsd 4.6.2
cisco ios 12.3(9a)bc6
cisco ios 12.0(24)s1
cisco ios 12.2(2)xh2
freebsd freebsd 4.6
cisco ios 12.2(3.4)bp
dragonflybsd dragonflybsd -
cisco ios 12.0(1)w
cisco ios 12.0(20)sl
linux linux_kernel 2.6.17.8
cisco ios 12.1(13)ay
cisco ios 12.2xh
bsdi bsd_os 4.0
linux linux_kernel 2.6.16.49
openbsd openbsd 3.3
cisco ios 12.2xk
linux linux_kernel 2.5.44
cisco ios 12.0(28c)
cisco ios 12.1ye
cisco ios 12.0xe
cisco ios 12.3(6f)
cisco ios 12.0(9)s8
linux linux_kernel 2.6.12.22
openbsd openbsd 2.3
cisco ios 12.1(7)cx
cisco ios 12.0(2)xg
cisco ios 12.1(6)e8
freebsd freebsd 4.2
cisco ios 12.0(21)s1
cisco ios 11.1aa
cisco ios 12.2(4)b4
freebsd freebsd 3.4
cisco ios 12.2(4)ya
cisco ios 12.1(1)db
cisco ios 12.2(1)xq
cisco ios 12.3(11)yk
linux linux_kernel 2.0.14
linux linux_kernel 2.4.34.1
cisco ios 12.1(11b)e
cisco ios 12.1yi
freebsd freebsd 3.5.1
cisco ios 12.4(2)t2
cisco ios 12.1xq
cisco ios 12.2(4)mb3
cisco ios 12.2(22)ea6
cisco ios 12.1(19)
cisco ios 12.0sl
linux linux_kernel 2.0.23
cisco ios 12.2(14)sy
cisco ios 12.1(26)e3
cisco ios 12.1(1)
cisco ios 12.1t
cisco ios 12.3(11)t8
linux linux_kernel 2.5.0
cisco ios 12.2zb
cisco ios 12.1(13)ex2
cisco ios 12.1(14)e1
cisco ios 12.2yz
linux linux_kernel 2.6.14.2
cisco ios 12.3(7.7)
cisco ios 12.3bw
cisco ios 12.1(5)yf
cisco ios 11.2(4)f1
cisco ios 12.3(4)xe4
freebsd freebsd 2.2.5
cisco ios 12.2(4)mb13b
openbsd openbsd 2.6
cisco ios 12.0(18)s7
bsdi bsd_os 2.0.1
cisco ios 12.2(14)za2
cisco ios 11.1(7)
cisco ios 12.1(6a)
cisco ios 12.1(13)ew4
linux linux_kernel 2.6.20.2
cisco ios 12.2(1)dx
cisco ios 12.1(10.5)ec
linux linux_kernel 2.3.3
linux linux_kernel 2.0.28
bsdi bsd_os 3.2
netbsd netbsd 1.4
cisco ios 12.0(14a)
cisco ios 12.0(16)s8a
cisco ios 12.0(20)st6
linux linux_kernel 2.3.41
cisco ios 12.2e
cisco ios 12.2(2)xb4
freebsd freebsd 4.1
linux linux_kernel 2.5.69
cisco ios 12.0(7)sc
cisco ios 12.3yx
freebsd freebsd 4.0
linux linux_kernel 2.5.26
cisco ios 12.1(5)dc2
linux linux_kernel 2.6.3
cisco ios 11.0(22b)
cisco ios 12.0(20.4)sp
cisco ios 12.4xg
cisco ios 11.2(4)
netbsd netbsd 1.5.2
cisco ios 12.0(27)
linux linux_kernel 2.6.17.9
freebsd freebsd 5.0
cisco ios 12.1(5)ya2
cisco ios 12.2yt
cisco ios 12.0xw
cisco ios 12.2(8)t
cisco ios 12.3(10)
cisco ios 11.3(8)db2
cisco ios 12.2(25)ewa3
cisco ios 12.2xm
cisco ios 12.3(8)xy4
cisco ios 12.2(22)sv1
cisco ios 12.2(13)zd3
cisco ios 11.2(26a)
cisco ios 12.3(2)xc1
linux linux_kernel 2.0.34
cisco ios 12.3xl
linux linux_kernel 2.4.30
cisco ios 12.0(13)w5(19c)
cisco ios 12.2(1d)
cisco ios 12.2(4)b1
cisco ios 12.0(3)xe
cisco ios 12.1
linux linux_kernel 2.4.33.2
cisco ios 12.2eu
cisco ios 12.3(14)yu
linux linux_kernel 2.5.67
cisco ios 11.0.12(a)bt
cisco ios 12.3(2)xc2
cisco ios 12.2(18)sxd6
linux linux_kernel 2.5.64
cisco ios -
linux linux_kernel 2.6.2
freebsd freebsd 3.1
cisco ios 12.2(1)s
cisco ios 12.4(2)t1
cisco ios 12.1(19)ec
linux linux_kernel 2.6.14.3
cisco ios 12.2dd
cisco ios 12.2sw
cisco ios 12.1(5)t15
cisco ios 12.2(17d)sxb7
cisco ios 12.3(14)yq
cisco ios 12.0(5)xe
linux linux_kernel 2.6.18.2
cisco ios 12.2(1.1)pi
cisco ios 12.3(14)yq3
netbsd netbsd 2.1.1
cisco ios 12.1(16)
linux linux_kernel 2.6.11.10
cisco ios 12.4(2)mr
cisco ios 12.0(14)s8
cisco ios 12.3ym
cisco ios 12.2(11)bc3c
cisco ios 12.2(15)zj
linux linux_kernel 2.6.20.7
cisco ios 12.2(13)mc1
cisco ios 12.2zg
cisco ios 11.1(17)cc
cisco ios 12.3(4)ja
cisco ios 12.0(5)s
cisco ios 11.1(36)ca2
linux linux_kernel 2.0.9.9
cisco ios 12.2(10)da4
cisco ios 12.0sz
linux linux_kernel 2.3.44
linux linux_kernel 2.5.19
cisco ios 12.3yi
cisco ios 12.0(5.2)xu
linux linux_kernel 2.1.132
bsdi bsd_os 4.0.1
cisco ios 12.2(14)s15
cisco ios 12.1(8a)e
cisco ios 12.3(16)
cisco ios 12.3(14)yt
cisco ios 12.3xm
cisco ios 11.1(24)
linux linux_kernel 2.6.23
cisco ios 12.0xj
cisco ios 12.1(1a)t1
cisco ios 12.2(8)yw3
cisco ios 12.0(5)xk
cisco ios 12.3(2)xe3
cisco ios 12.1(22)ea6
cisco ios 11.1(16)
linux linux_kernel 2.2.6
linux linux_kernel 2.4.17
microsoft windows_xp -
cisco ios 12.2(13)zh
linux linux_kernel 2.5.35
cisco ios 12.2(4)xm2
cisco ios 12.0(20)sp1
cisco ios 12.0(30)s2
cisco ios 12.0sv
linux linux_kernel 2.6.6
cisco ios 12.2(1)xd
cisco ios 12.2(7)
cisco ios 12.4(1c)
cisco ios 11.1(7)ca
cisco ios 12.1(5)yf2
cisco ios 12.3(6a)
netbsd netbsd 1.5
cisco ios 12.2sxd
cisco ios 12.2(25)sec1
cisco ios 12.1x(l)
cisco ios 12.2(18)ew
cisco ios 11.1(15)aa
cisco ios 12.2tpc
cisco ios 12.0(31)s
cisco ios 12.1xf
cisco ios 11.2(26b)
cisco ios 4.1
cisco ios 11.3(1)ed
bsdi bsd_os 4.1
cisco ios 12.1(26)e1
cisco ios 12.3xc
cisco ios 12.1(13)e1
cisco ios 11.3t
cisco ios 12.1(6)ez1
linux linux_kernel 2.6.16.1
linux linux_kernel 2.6.14.4
cisco ios 12.2(1)xd4
cisco ios 12.3(4)xq
linux linux_kernel 2.6.16.22
cisco ios 12.0(12)
cisco ios 12.3(5)
linux linux_kernel 2.2.22
bsdi bsd_os 2.1
cisco ios 12.1(5)yi
cisco ios 12.1xw
cisco ios 12.2(13)
linux linux_kernel 2.6.12
cisco ios 12.3(2)xc3
cisco ios 9.0
cisco ios 12.0(24)s5
cisco ios 12.1(14)ea1
freebsd freebsd 2.2.8
cisco ios 12.0(6b)
freebsd freebsd 2.1.6.1
linux linux_kernel 2.2.15
linux linux_kernel 2.6.23.4
cisco ios 12.0(11)st4
cisco ios 12.0(1)xb
cisco ios 12.2ye
bsd bsd 4.3
linux linux_kernel 2.5.22
cisco ios 12.0(3.6)w5(9.0.5)
cisco ios 12.0(23)s2
cisco ios 12.1(11b)e12
cisco ios 12.2(1)xe
cisco ios 12.0(18)st1
cisco ios 11.1(12)
cisco ios 12.2(15)xr
linux linux_kernel 2.6.17.12
cisco ios 12.0(5)wc2b
cisco ios 12.2(2)xg
linux linux_kernel 2.6.20.15
cisco ios 12.0(24)s6
openbsd openbsd 2.9
linux linux_kernel 2.6.20.8
linux linux_kernel 2.6.23.1
linux linux_kernel 2.6.23.2
cisco ios 12.0(28)
cisco ios 12.0(5.4)wc1
cisco ios 12.1ay
cisco ios 12.2(16)b1
cisco ios 12.0xt
linux linux_kernel 2.4.15
cisco ios 12.1(11)
linux linux_kernel 2.5.41
linux linux_kernel 2.2.25
cisco ios 12.3(11)t
cisco ios 12.1(5)xv3
cisco ios 12.3xr
cisco ios 12.0(19)s2a
cisco ios 12.0(27)s
cisco ios 12.1ew
cisco ios 12.2da
cisco ios 12.0(2)xf
oracle solaris 9
cisco ios 11.1(7)aa
cisco ios 12.1sec
cisco ios 12.3(8)yd
cisco ios 12.2(22)s
cisco ios 12.1(12c)ew4
linux linux_kernel 2.2.27
cisco ios 12.2(31)
cisco ios 11.1(16)ia
cisco ios 12.0(19)sp
cisco ios 12.0(23)s6
cisco ios 12.2(2)xf
linux linux_kernel 2.5.65
cisco ios 12.0(16)s10
linux linux_kernel 2.5.66
linux linux_kernel 2.6.16.24
cisco ios 10.0
cisco ios 12.2(18)sxf
linux linux_kernel 2.6.15.4
cisco ios 12.2(8)bc1
linux linux_kernel 2.6.20.6
cisco ios 12.2(21a)
openbsd openbsd 2.0
cisco ios 12.2xq
cisco ios 12.1(20)
cisco ios 12.1(4)db
cisco ios 12.2(16f)
cisco ios 12.1(11a)
cisco ios 12.2se
linux linux_kernel 2.3.40
linux linux_kernel 2.6.16.48
cisco ios 12.2ey
freebsd freebsd 3.3
cisco ios 12.1(5)yb4
linux linux_kernel 2.5.40
linux linux_kernel 2.6.16.16
linux linux_kernel 2.5.5
cisco ios 12.0(5)wc13
cisco ios 12.1(10)ey
cisco ios 12.2(15)bc
cisco ios 12.0(13)wt6(1)
cisco ios 12.3(4)t1
cisco ios 12.2(4)bc1a
cisco ios 12.2(17d)sxb8
linux linux_kernel 2.3.35
cisco ios 12.0xh
cisco ios 12.1(13)ea1c
cisco ios 12.2(1)xe2
cisco ios 12.3(4)xg4
cisco ios 12.0(7)xk2
cisco ios 12.0(18)sl
linux linux_kernel 2.6.13.4
cisco ios 12.2zq
cisco ios 12.2(4)xl
cisco ios 12.2(15)bx
cisco ios 12.0(4)xm
cisco ios 12.2seb
cisco ios 12.0(7)xf1
cisco ios 12.1(5)yd6
cisco ios 12.1(7a)ey
cisco ios 12.0(17)s4
cisco ios 12.0(5a)e
cisco ios 12.3(13a)bc
cisco ios 12.1(19)ew
cisco ios 12.2(4)t3
freebsd freebsd 2.1.0
netbsd netbsd 2.0.2
cisco ios 12.1(20)ea1
linux linux_kernel 2.0.38
cisco ios 12.1yb
cisco ios 12.1xi
cisco ios 12.2(15)jk5
cisco ios 12.3(7)xr6
cisco ios 12.1(15)bc1
cisco ios 12.2(24)
cisco ios 12.2(25)sed
cisco ios 12.3(8)xy5
cisco ios 12.2sh
cisco ios 12.2cz
cisco ios 12.3(5a)b2
linux linux_kernel 2.3.16
netbsd netbsd 1.2.1
cisco ios 12.2(15)cz3
cisco ios 12.1(14.5)
cisco ios 12.0(5)wc3
cisco ios 12.3(11)t9
cisco ios 12.0xf
cisco ios 11.3(7)db1
cisco ios 12.0(5)t
linux linux_kernel 2.6.21.2
linux linux_kernel 2.6.12.6
cisco ios 12.0(12)s3
cisco ios 12.0(21)sl
freebsd freebsd 6.2
cisco ios 12.2(16.5)s
linux linux_kernel 2.6.16.23
linux linux_kernel 2.6.18.4
cisco ios 12.4(3a)
linux linux_kernel 2.3.30
cisco ios 12.2(15)mc1
cisco ios 12.2(13)ze
cisco ios 11.3aa
cisco ios 12.1(22)
cisco ios 12.3(10c)
cisco ios 11.3db
cisco ios 12.2(20)ewa3
cisco ios 12.3(6d)
cisco ios 12.1(3)xp4
cisco ios 11.2(8)sa3
cisco ios 12.0(26)s2
cisco ios 12.2(11)ja
cisco ios 12.2(20)ew3
cisco ios 12.2(15)t
cisco ios 12.0(4)t
linux linux_kernel 2.6.21.3
linux linux_kernel 2.5.56
cisco ios 12.2(15.1)s
cisco ios 12.0(20)st2
cisco ios 12.1(3)t
cisco ios 12.1(12c)
cisco ios 12.1eu
cisco ios 12.1(1)db2
linux linux_kernel 2.6.23.5
linux linux_kernel 2.2.13
cisco ios 12.2(2)xa1
cisco ios 12.3yf
cisco ios 12.1(8a)ew
cisco ios 12.0(5)wx
linux linux_kernel 2.6.10
cisco ios 11.1ca
cisco ios 12.2(17d)sx
linux linux_kernel 2.4.34
linux linux_kernel 2.5.50
cisco ios 12.0(21a)
linux linux_kernel 2.6.20.3
cisco ios 12.0(7)t3
linux linux_kernel 2.6.14.7
cisco ios 11.0(22a)
cisco ios 12.1(11)e
cisco ios 12.0(17)sl
cisco ios 12.1xp
freebsd freebsd 6.3
cisco ios 12.2(18)s
cisco ios 12.0(12)s4
cisco ios 12.2sxb
linux linux_kernel 2.6.17.4
cisco ios 12.2(15)sl1
cisco ios 12.3(11)yf
linux linux_kernel 2.5.34
cisco ios 12.2(15)ys_1.2(1)
cisco ios 11.3(11c)
linux linux_kernel 2.5.30
cisco ios 12.2(15)xr2
cisco ios 12.2(21b)
cisco ios 11.2(10)
cisco ios 12.0(5)xn
linux linux_kernel 2.5.8
netbsd netbsd 1.5.1
openbsd openbsd 2.7
cisco ios 12.3(8)t11
cisco ios 12.3(11)yk2
midnightbsd midnightbsd -
linux linux_kernel 2.2.23
cisco ios 12.3(4)t
linux linux_kernel 2.3.5
bsdi bsd_os -
cisco ios 12.0(21)s4a
cisco ios 12.2(27)sbc
cisco ios 12.2sxa
cisco ios 12.2(14)sx1
linux linux_kernel 2.6.7
cisco ios 12.1(11b)e14
cisco ios 12.1(13.4)e
cisco ios 12.2(2)xu
freebsd freebsd 4.3
cisco ios 12.1(1)e5
cisco ios 12.3(7)xr4
linux linux_kernel 2.6.19
cisco ios 12.2yu
cisco ios 12.2xc
cisco ios 12.2ya
cisco ios 12.1ex
cisco ios 12.1(14)e9
cisco ios 12.2xa
cisco ios 12.0ev
cisco ios 12.2(18)s9
cisco ios 12.3(8)xu2
cisco ios 12.4(2)xa
linux linux_kernel 2.6.16.18
cisco ios 12.1(8)aa1
cisco ios 12.2(25)ex
cisco ios 12.2(12g)
cisco ios 12.0(5)xn1
linux linux_kernel 2.6.8.1
cisco ios 12.2(15)mc2e
cisco ios 11.1cc
cisco ios 12.2(15)t17
cisco ios 12.4(7a)
linux linux_kernel 2.6.12.1
linux linux_kernel 2.5.63
linux linux_kernel 2.0.30
cisco ios 12.1(20)eo
cisco ios 12.0(15)sc
cisco ios 12.1(5)t12
linux linux_kernel 2.6.20.14
linux linux_kernel 2.6.21
cisco ios 12.2sec
cisco ios 12.3(5)b1
cisco ios 12.2yy
cisco ios 12.2ca
cisco ios 12.2(11)t
cisco ios 12.1(13)e13
linux linux_kernel 2.6.11.8
cisco ios 12.2(15)cx
cisco ios 12.2(16.1)b
freebsd freebsd 2.1.5
linux linux_kernel 2.6.16.4
cisco ios 12.2yr
cisco ios 11.2
cisco ios 11.2(14)gs2
cisco ios 12.2(20)ew2
cisco ios 12.1aa
cisco ios 12.2(15)zn
cisco ios 12.1(5)xs
cisco ios 12.0(21)s5a
linux linux_kernel 1.2.0
openbsd openbsd 4.3
cisco ios 12.1(5)xs2
cisco ios 12.2(8)yy3
cisco ios 12.2(2)by2
cisco ios 12.2(26b)
cisco ios 11.2(8.9)sa6
cisco ios 12.2(25)ey
cisco ios 12.3b
cisco ios 11.1(24a)
cisco ios 12.2(30)s1
cisco ios 12.3xs
linux linux_kernel 2.3.1
linux linux_kernel 2.4.12
linux linux_kernel 2.0
linux linux_kernel 2.6.16.32
cisco ios 12.0db
cisco ios 12.0(15)s3
cisco ios 12.3xt
cisco ios 12.3(11)yf4
cisco ios 12.1(6)e12
cisco ios 12.0(17)st8
cisco ios 11.3(1)t
cisco ios 12.2(12c)
cisco ios 12.2(25)sw
cisco ios 12.2(25)sg
cisco ios 12.3xk
cisco ios 12.2(11)ja1
cisco ios 12.2(14)sy1
cisco ios 12.0(19)s
cisco ios 12.2yw
cisco ios 11.2(4)xaf
cisco ios 12.3(11)
linux linux_kernel 2.6.16.52
cisco catalyst_blade_switch_3020_firmware *
linux linux_kernel 2.6.22.1
cisco ios 12.2(20)s8
cisco ios 12.4(3)
freebsd freebsd 7.1
cisco ios 12.3(5e)
cisco ios 12.4(6)t1
linux linux_kernel 2.3.12
linux linux_kernel 2.6.16.19
cisco ios 12.2(7b)
cisco ios 12.0(17)s7
cisco ios 11.1(22)
cisco ios 12.2(25)sw4a
cisco ios 12.1yd
cisco ios 12.3(4)xk1
cisco ios 12.1(27)
openbsd openbsd 3.0
trustedbsd trustedbsd -
cisco ios 12.4(2)t
cisco ios 12.0(13)s6
linux linux_kernel 2.6.19.3
cisco ios 12.0(22)sy
cisco ios 12.1(5c)
cisco ios 12.0(17a)
cisco ios 12.2(2)xb15
cisco ios 11.1(16)aa
cisco ios 12.0xn
cisco ios 12.3(8)yg3
linux linux_kernel 2.4.22
cisco ios 12.2(2)xn
cisco ios 12.1(4)e3
linux linux_kernel 2.0.32
linux linux_kernel 2.6.16.41
netbsd netbsd 1.4.1
cisco ios 11.1ct
cisco ios 12.2(23)sv1
cisco ios 12.4(1b)
linux linux_kernel 2.0.22
linux linux_kernel 2.6.15.1
cisco ios 11.2(11b)t2
cisco ios 12.4(7)
cisco ios 12.0(18)w5(22b)
cisco ios 12.0(27)sv1
cisco ios 12.2xf
cisco ios 12.2(18)sw
bsdi bsd_os 3.0
cisco ios 12.0(23)s3
cisco ios 12.2zo
cisco ios 10.3(4.3)
linux linux_kernel 2.0.19
cisco ios 12.3(12b)
cisco ios 12.2za
cisco ios 12.1(13)e9
cisco ios 12.3(8)xy6
linux linux_kernel 2.2.11
cisco ios 12.2(2)by
linux linux_kernel 2.3.26
linux linux_kernel 2.3.99
cisco ios 11.2(9)p
netbsd netbsd 1.1
cisco ios 12.0(17)st5
cisco ios 12.1yc
linux linux_kernel 2.6.17.3
cisco ios 12.0(5)wc9
cisco ios 12.4xk
freebsd freebsd 1.2
cisco ios 11.0(17)bt
cisco ios 12.2(4)ja
cisco ios 12.2xb
cisco ios 12.0(13a)
cisco ios 12.4(6)t
cisco ios 12.0(2a)
cisco ios 12.3(4)xd
cisco ios 12.2(4)mb13c
cisco ios 12.1ea
cisco ios 12.2(20)se3
cisco ios 12.2(25)ez1
cisco ios 12.0(5)wc9a
cisco ios 12.2ew
cisco ios 12.1(5)dc
linux linux_kernel 2.6.16.28
linux linux_kernel 2.6.16.27
cisco ios 11.3(11)b
cisco ios 12.3(8)yh
cisco ios 12.0(12a)
linux linux_kernel 2.3.31
linux linux_kernel 2.6.9
linux linux_kernel 2.3.13
cisco ios 12.2(2)xj1
cisco ios 4.1.2
linux linux_kernel 2.6.8.1.5
cisco ios 12.2(18)sxe
cisco ios 12.3(13a)
linux linux_kernel 2.3.27
linux linux_kernel 2.6.16.29
cisco ios 12.2(2)xb3
cisco ios 12.2(2)xt
cisco ios 12.3xh
cisco ios 12.2(20)s1
linux linux_kernel 2.0.5
cisco ios 12.0(18)s
cisco ios 12.1xd
linux linux_kernel 2.0.6
cisco ios 12.1(10)ec
cisco ios 12.2(12.05)
cisco ios 12.2(8)yd
cisco ios 12.2(4)mb12
cisco ios 12.2(18)so4
cisco ios 12.0(16)st
cisco ios 12.2(2)xi
cisco ios 12.2(2)t4
cisco ios 12.1(5)t
cisco ios 12.3(11)yl
linux linux_kernel 2.3.6
cisco ios 12.0(19)s2
cisco ios 12.1xv
linux linux_kernel 2.6.16.30
linux linux_kernel 2.6.13.2
cisco ios 12.2(25)s
cisco ios 12.3(11)yk1
freebsd freebsd 2.2.2
cisco ios 12.2(3)
cisco ios 12.1yf
cisco ios 12.1xb
cisco ios 12.0(16)sc
openbsd openbsd 4.0
cisco ios 12.3(10d)
linux linux_kernel 2.2.9
linux linux_kernel 2.6.16.36
cisco ios 11.1(17)
cisco ios 12.2sea
linux linux_kernel 2.6.16.31
cisco ios 12.3(4)t8
linux linux_kernel 2.4.19
cisco ios 12.3ya
cisco ios 12.2(18.2)
cisco ios 12.3yq
linux linux_kernel 2.4.7
openbsd openbsd 3.2
netbsd netbsd 3.99.15
linux linux_kernel 2.3.49
linux linux_kernel 2.0.11
cisco ios 12.2(2)xb14
cisco ios 12.2yq
cisco ios 12.1(11)ea1
cisco ios 12.3(9e)
linux linux_kernel 2.5.17
linux linux_kernel 2.6.11
cisco ios 12.2(13)zd
linux linux_kernel 2.6.14
cisco ios 12.2(15)ys
netbsd netbsd 1.2
cisco ios 12.2bw
linux linux_kernel 2.6.16.37
cisco ios 12.2(25)seb3
cisco ios 12.3jeb
cisco ios 12.3(11)xl3
freebsd freebsd 2.1
cisco ios 12.1(6.5)
cisco ios 12.2(1b)da1
openbsd openbsd 3.6
linux linux_kernel 2.5.15
linux linux_kernel 2.4.33.5
cisco ios 12.0(16a)
cisco ios 12.1(1)dc
linux linux_kernel 2.6.13
cisco ios 12.1xg
cisco ios 12.1(20)ew2
cisco catalyst_blade_switch_3120x_firmware *
cisco ios 11.3xa
cisco ios 12.2(18)sv3
cisco ios 12.2(18)s8
linux linux_kernel 2.6.22.16
cisco ios 12.1(13)e3
cisco ios 12.0(20)w5(22b)
cisco ios 12.0(21)s6
freebsd freebsd 5.2
linux linux_kernel 2.4.32
linux linux_kernel 2.3.14
cisco ios 12.0(22)s
cisco ios 12.1(7a)ey3
linux linux_kernel 2.4.3
cisco ios 12.1xl
cisco ios 12.2(5d)
cisco ios 12.2(25)ey3
linux linux_kernel 2.2.2
cisco ios 12.0(15)s7
cisco ios 12.1(5)t9
cisco ios 12.2(11)t3
cisco ios 12.3(7)ja
cisco ios 12.1(3)xp
cisco ios 12.2(13)zc
cisco ios 12.3(5a)b5
cisco ios 12.2(14)za
cisco ios 12.1(13)ea1
linux linux_kernel 2.6.14.6
cisco ios 12.2(18)s6
cisco ios 12.2(25)ez
cisco ios 12.0(5)wc3b
cisco ios 12.3xn
linux linux_kernel 2.5.59
cisco ios 12.2(17f)
cisco ios 12.3(2)xa4
linux linux_kernel 2.0.2
cisco ios 12.2(7a)
cisco ios 12.0(24)s4
cisco ios 12.2(5)
linux linux_kernel 2.6.19.1
cisco ios 12.3(3e)
cisco ios 12.1(3a)
cisco ios 12.1(13)e17
linux linux_kernel 2.6.17.10
cisco ios 12.1(6)ea2
cisco ios 12.0(4)
cisco ios 12.4(2)mr1
cisco ios 12.2(10g)
oracle solaris 10
cisco ios 12.2(2.2)t
cisco ios 12.2sxf
cisco ios 11.3(11b)
cisco ios 12.3(2)jk1
cisco ios 12.2(23f)
cisco ios 12.1(8c)
cisco ios 12.2(13.03)b
cisco ios 12.2(15)t15
cisco ios 12.3(8)yi
cisco ios 11.1(28a)ia
cisco ios 12.3(2)jk
linux linux_kernel 2.6.17.13
cisco ios 12.3
cisco ios 12.1(11b)
bsd bsd -
cisco ios 12.0(10)w5(18f)
cisco ios 12.2pi
cisco ios 12.0(17)st1
linux linux_kernel 2.6.18.1
cisco ios 12.2xr
freebsd freebsd 6.1
oracle solaris 8
linux linux_kernel 2.6.16.53
cisco ios 12.2(17a)sxa
cisco ios 12.3(11)yj
cisco ios 12.3(14)t2
cisco ios 12.2(15)t7
cisco ios 10.3(16)
cisco ios 12.4(1)
dragonflybsd dragonflybsd 1.0
linux linux_kernel 2.2.10
linux linux_kernel 2.6.12.2
cisco ios 12.0(5.3)wc1
linux linux_kernel 2.6.11.6
cisco ios 12.1e
cisco ios 12.0(23)sx
cisco ios 12.2zn
cisco ios 12.4xe
linux linux_kernel 2.6.23.9
linux linux_kernel 2.5.1
cisco ios 12.2(2)t1
cisco ios 11.0(17)
linux linux_kernel 2.3.36
cisco ios 12.1(14)e10
cisco ios 12.2yl
bsdi bsd_os 4.2
cisco ios 12.3(8)yg2
cisco ios 12.4(9)t
cisco ios 12.0(4)xm1
linux linux_kernel 2.0.31
cisco ios 12.0(7)db2
cisco ios 12.1(10)aa
linux linux_kernel 2.6.20.12
cisco ios 12.2(2)xb
cisco ios 12.2(13)t16
cisco ios 12.3jk
cisco ios 12.2jx
linux linux_kernel 2.5.58
cisco ios 12.1(12c)ec
cisco ios 12.0(25)w5(27)
cisco ios 12.1(8)e
freebsd freebsd 3.0
linux linux_kernel 2.5.38
linux linux_kernel 2.6.15.11
linux linux_kernel 2.5.2
linux linux_kernel 2.6.15
cisco ios 12.1(10)
linux linux_kernel 2.6.22.6
linux linux_kernel 2.6.14.1
cisco ios 12.0(26)w5(28)
linux linux_kernel 2.5.31
cisco ios 12.1xc
linux linux_kernel 2.6.11.1
cisco ios 12.1(23)e1
cisco ios 12.0(5)xs
cisco ios 12.1(4)dc
cisco ios 12.2(17d)sxb10
cisco ios 12.0(7)s1
cisco ios 12.0xd
cisco ios 12.2(12h)
cisco ios 12.0sp
cisco ios 12.2zl
freebsd freebsd 4.5
cisco ios 12.1(1)t
cisco ios 12.1(14)
linux linux_kernel 2.4.18
cisco ios 12.4(4)t2
cisco ios 12.2(4)ya7
freebsd freebsd 2.2.6
linux linux_kernel 2.6.16.10
cisco ios 12.0w5
cisco ios 12.1(22)e3
cisco ios 12.3(7)xi7
cisco ios 12.0(17)s
cisco ios 12.1(3)db1
netbsd netbsd -
linux linux_kernel 2.6.15.3
cisco ios 12.1(8a)ex
cisco ios 12.1xm
cisco ios 12.2(20)s9
linux linux_kernel 2.6.20.1
cisco ios 12.4(3)t2
linux linux_kernel 2.6.18.6
cisco ios 12.0(7a)
cisco ios 12.2(20)eu1
cisco ios 12.4(2)xb
linux linux_kernel 2.5.33
cisco ios 12.3xu
linux linux_kernel 2.0.18
cisco ios 12.2(2)xa
cisco ios 11.1(15)ca
cisco ios 12.1(8b)e15
cisco ios 12.1(9)e3
linux linux_kernel 1.3.0
cisco ios 12.0(20a)
cisco ios 12.2ex
linux linux_kernel 2.6.15.2
cisco ios 12.2(25)sw4
cisco ios 12.2(20)eu2
cisco ios 12.4xp
netbsd netbsd 1.3.2
cisco ios 12.0(17)sl9
freebsd freebsd 4.6.1
cisco ios 12.2xw
linux linux_kernel 2.5.45
cisco ios 12.2(13)zg
linux linux_kernel 2.0.29
cisco ios 11.1(15)ia
cisco ios 12.4sw
cisco ios 12.2(1.1)
cisco ios 12.1(5)yc2
cisco ios 12.1(12c)e7
linux linux_kernel 2.6.15.7
cisco ios 12.2(20)s7
cisco ios 12.3(9a)bc2
freebsd freebsd 2.1.7
cisco ios 12.1(8b)e9
cisco ios 12.1xu
linux linux_kernel 2.3.29
cisco ios 12.2(4)b
linux linux_kernel 2.6.0
cisco ios 12.2(26)sv
cisco ios 12.0(4)xe
linux linux_kernel 2.5.54
cisco ios 12.2b
cisco ios 12.0(21)st7
cisco ios 12.3(5f)
cisco ios 12.1(8b)e14
cisco ios 12.3yn
freebsd freebsd 6.0
linux linux_kernel 2.5.49
cisco ios 12.0(10)s8
cisco ios 12.2(14)sz
cisco ios 10.3(3.4)
linux linux_kernel 2.6.19.4
cisco ios 12.0(20)sp
cisco ios 12.2(16)bx
freebsd freebsd 0.4_1
linux linux_kernel 2.1.89
linux linux_kernel 2.6.13.1
cisco ios 12.3(2)t3
cisco ios 12.2(12.02)s
cisco ios 12.2fx
linux linux_kernel 2.3.17
linux linux_kernel 2.4.31
cisco ios 12.2(12.02)t
cisco ios 12.4(4)mr
linux linux_kernel 2.6.16
openbsd openbsd 3.5
cisco ios 12.0(5)yb4
cisco ios 12.2(2)xb11
cisco ios 12.3(8)ya1
cisco ios 12.2(18)sxd1
cisco ios 12.2jk
cisco ios 12.3(4)xq1
cisco ios 12.2(2)xh
cisco ios 12.4(2)t4
cisco ios 12.2(20)eu
linux linux_kernel 2.6.20
freebsd freebsd 1.1.5.1
linux linux_kernel 2.5.21
cisco ios 12.1(5)xv4
linux linux_kernel 2.3.4
cisco ios 12.2xt
cisco ios 12.0(14)
cisco ios 12.1(3b)
cisco ios 12.0(9)
cisco ios 12.2(25)fy
cisco ios 11.2xa
cisco ios 12.0(26)
cisco ios 12.3yw
cisco ios 12.0wt
cisco ios 12.2cx
cisco ios 12.2(4)xr
netbsd netbsd 1.6.2
cisco ios 11.2(8.2)sa6
cisco ios 12.1(1)dc2
linux linux_kernel 2.3.9
cisco ios 12.3(11)t6
cisco ios 12.2(20)ew
cisco ios 11.2(8)sa5
cisco ios 12.2ze
cisco ios 12.3yh
cisco ios 12.1(9)e
cisco ios 12.1cx
linux linux_kernel 2.0.15
cisco ios 12.2(1)xs
cisco ios 12.2xz
linux linux_kernel 2.2.5
cisco ios 12.1(5)yb5
cisco ios 12.3yc
cisco ios 12.4xm
freebsd freebsd 5.2.1
linux linux_kernel 2.6.16.17
cisco ios 12.0(7)xf
cisco ios 12.3xy
linux linux_kernel 2.5.13
cisco ios 12.1(5)yc
cisco ios 12.2(17)
cisco ios 11
linux linux_kernel 2.6.16.9
cisco ios 12.2x
cisco ios 12.2sg
cisco ios 12.2yf
linux linux_kernel 2.6.11.7
cisco ios 12.0(14)st3
freebsd freebsd 5.1
openbsd openbsd 2.4
cisco ios 12.0(28)w5-30b
cisco ios 12.3(14)yq4
cisco ios 12.1(3)
cisco ios 12.2(18)ew3
cisco ios 12.0(19)s4
cisco ios 12.3(14)yt1
cisco ios 11.2(19a)gs6
linux linux_kernel 2.5.68
cisco ios 12.2(8)yw2
cisco ios 11.1(17)ct
cisco ios 12.2(14)s
cisco ios 12.2yp
linux linux_kernel 2.6.16.46
cisco ios 11.1(13)aa
linux linux_kernel 2.5.47
linux linux_kernel 2.4.34.2
linux linux_kernel 2.6.16.50
cisco ios 12.1(20)eo3
cisco ios 12.1da
cisco ios 12.1yj
cisco ios 12.3(5a)b
freebsd freebsd 4.11
netbsd netbsd 1.3.1
linux linux_kernel 2.0.10
linux linux_kernel 2.6.23.7
cisco ios 12.0(21)st
cisco ios 12.1xj
cisco ios 8.3
cisco ios 12.0(19)
bsd bsd 4.4
cisco ios 11.2f
cisco ios 12.0(5)t2
cisco ios 12.2(12.05)t
linux linux_kernel 2.6.16.47
cisco ios 12.1(5)xv
freebsd freebsd 1.0
cisco ios 12.0(1)s
cisco ios 12.4xd
linux linux_kernel 2.4.29
linux linux_kernel 2.6.16.25
cisco ios 12.1(5)ey
linux linux_kernel 2.0.16
linux linux_kernel 2.0.9
linux linux_kernel 2.6.17
linux linux_kernel 2.6.23.14
cisco ios 12.1(9)ex3
cisco ios 12.2(15)zo
cisco ios 12.1(6)ea2a
cisco ios 12.2(9.4)da
netbsd netbsd 1.4.3
cisco ios 12.2(25)seb2
linux linux_kernel 2.6.8
cisco ios 11.2(17)
cisco ios 12.1(20)ec
cisco ios 12.2yh
cisco ios 12.3yb
cisco ios 11.1(15)
linux linux_kernel 2.6.16.44
cisco ios 12.2zk
openbsd openbsd -
cisco ios 12.2(25)seb
linux linux_kernel 2.6.1
cisco ios 11.1(36)cc4
cisco ios 12.0(13)s8
cisco ios 12.2(2)xa5
linux linux_kernel 2.6.20.10
cisco ios 11.3(2)xa
cisco ios 12.0(27)sv2
cisco ios 12.4
cisco ios 11.1ia
cisco ios 12.1(3)xi
cisco ios 12.1(14)eb
cisco ios 12.2(4)bc1
cisco ios 12.2yv
cisco ios 12.1(5)yc1
cisco ios 12.1xy
cisco ios 12.0(2)xd
cisco ios 12.2(4)bx
linux linux_kernel 2.3.11
linux linux_kernel 2.6.4
cisco ios 11.2(10)bc
cisco ios 12.2(25)se
cisco ios 12.2(6.8a)
cisco ios 12.2(25)ewa
cisco ios 12.2(13)zl
linux linux_kernel 2.5.14
cisco ios 12.2sz
CVE-2009-0537 MEDIUM

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 3.6
openbsd openbsd 2.3
openbsd openbsd 2.2
openbsd openbsd 4.1
openbsd openbsd 4.2
openbsd openbsd 2.9
openbsd openbsd 3.2
openbsd openbsd 2.0
openbsd openbsd 2.8
openbsd openbsd 2.6
openbsd openbsd 3.8
openbsd openbsd 2.1
microsoft interix 6.0
openbsd openbsd 4.3
openbsd openbsd 3.3
openbsd openbsd 4.0
openbsd openbsd 2.5
openbsd openbsd 3.7
openbsd openbsd 3.9
openbsd openbsd 3.5
openbsd openbsd 3.0
openbsd openbsd 3.4
openbsd openbsd *
openbsd openbsd 3.1
openbsd openbsd 2.7
CVE-2010-4478 HIGH

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openbsd openssh 3.2
openbsd openssh 2.3
openbsd openssh 3.0.1
openbsd openssh 2.1
openbsd openssh 5.3
openbsd openssh 3.0.1p1
openbsd openssh 3.6.1p2
openbsd openssh 2.9p2
openbsd openssh 5.2
openbsd openssh 4.7p1
openbsd openssh 1.2.3
openbsd openssh 2.5.2
openbsd openssh 2.9.9
openbsd openssh 4.4
openbsd openssh 5.4
openbsd openssh 4.9
openbsd openssh 4.8
openbsd openssh 3.7.1
openbsd openssh 3.8.1p1
openbsd openssh 3.8
openbsd openssh 3.4p1
openbsd openssh 5.5
openbsd openssh 3.7.1p1
openbsd openssh 1.2
openbsd openssh 2.3.1
openbsd openssh 4.1
openbsd openssh 4.2
openbsd openssh 4.6
openbsd openssh 4.1p1
openbsd openssh 3.5p1
openbsd openssh 4.4p1
openbsd openssh 4.5
openbsd openssh 3.6
openbsd openssh 3.7
openbsd openssh 4.2p1
openbsd openssh 3.8.1
openbsd openssh 1.2.1
openbsd openssh 4.0p1
openbsd openssh 2.9.9p2
openbsd openssh 4.0
openbsd openssh 2.9
openbsd openssh 1.5
openbsd openssh 3.1p1
openbsd openssh 1.2.2
openbsd openssh 4.3p1
openbsd openssh 2.2
openbsd openssh 3.9
openbsd openssh 3.0.2p1
openbsd openssh 3.1
openbsd openssh 5.0
openbsd openssh 3.0
openbsd openssh 3.0p1
openbsd openssh 3.3p1
openbsd openssh 4.3p2
openbsd openssh 3.9.1
openbsd openssh 3.2.3p1
openbsd openssh 3.3
openbsd openssh 5.1
openbsd openssh 3.7.1p2
openbsd openssh *
openbsd openssh 3.6.1p1
openbsd openssh 3.5
openbsd openssh 1.3
openbsd openssh 2.1.1
openbsd openssh 2.9p1
openbsd openssh 1.5.8
openbsd openssh 1.2.27
openbsd openssh 3.9.1p1
openbsd openssh 3.2.2
openbsd openssh 4.3
openbsd openssh 3.0.2
openbsd openssh 3.2.2p1
openbsd openssh 2.5.1
openbsd openssh 4.7
openbsd openssh 2.5
openbsd openssh 3.4
openbsd openssh 3.6.1
openbsd openssh 1.5.7
CVE-2010-4754 MEDIUM

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freebsd freebsd 7.3
openbsd openbsd 4.7
netbsd netbsd 5.0.2
apple mac_os_x *
freebsd freebsd 8.1
CVE-2010-4755 MEDIUM

The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openbsd openssh 3.2
openbsd openssh 2.3
openbsd openssh 3.0.1
freebsd freebsd 7.3
openbsd openssh 2.1
openbsd openssh 5.3
openbsd openssh 3.0.1p1
openbsd openssh 3.6.1p2
openbsd openssh 2.9p2
openbsd openssh 5.2
openbsd openssh 4.7p1
openbsd openssh 1.2.3
openbsd openssh 2.5.2
openbsd openssh 2.9.9
openbsd openssh 4.4
openbsd openssh 5.4
openbsd openssh 5.7
openbsd openssh 4.9
openbsd openssh 4.8
openbsd openssh 3.7.1
openbsd openssh 3.8.1p1
openbsd openssh 3.8
openbsd openssh 3.4p1
openbsd openssh 5.5
openbsd openssh 3.7.1p1
openbsd openssh 1.2
openbsd openbsd 4.7
netbsd netbsd 5.0.2
openbsd openssh 2.3.1
openbsd openssh 4.1
openbsd openssh 4.2
openbsd openssh 4.6
openbsd openssh 4.1p1
openbsd openssh 3.5p1
openbsd openssh 4.4p1
openbsd openssh 4.5
openbsd openssh 3.6
openbsd openssh 3.7
openbsd openssh 4.2p1
openbsd openssh 3.8.1
openbsd openssh 1.2.1
openbsd openssh 4.0p1
openbsd openssh 2.9.9p2
openbsd openssh 4.0
openbsd openssh 2.9
openbsd openssh 1.5
openbsd openssh 3.1p1
openbsd openssh 1.2.2
openbsd openssh 4.3p1
openbsd openssh 2.2
openbsd openssh 3.9
openbsd openssh 3.0.2p1
openbsd openssh 3.1
openbsd openssh 5.0
openbsd openssh 3.0
openbsd openssh 3.0p1
openbsd openssh 3.3p1
openbsd openssh 4.3p2
openbsd openssh 3.9.1
openbsd openssh 3.2.3p1
openbsd openssh 3.3
openbsd openssh 5.1
freebsd freebsd 8.1
openbsd openssh 3.7.1p2
openbsd openssh *
openbsd openssh 3.6.1p1
openbsd openssh 3.5
openbsd openssh 1.3
openbsd openssh 2.1.1
openbsd openssh 2.9p1
openbsd openssh 1.5.8
openbsd openssh 5.6
openbsd openssh 1.2.27
openbsd openssh 3.9.1p1
openbsd openssh 3.2.2
openbsd openssh 4.3
openbsd openssh 3.0.2
openbsd openssh 3.2.2p1
openbsd openssh 2.5.1
openbsd openssh 4.7
openbsd openssh 2.5
openbsd openssh 3.4
openbsd openssh 3.6.1
openbsd openssh 1.5.7
CVE-2011-0419 MEDIUM

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
oracle solaris 10
debian debian_linux 5.0
debian debian_linux 6.0
openbsd openbsd 4.8
google android *
debian debian_linux 7.0
netbsd netbsd 5.1
apache http_server *
suse linux_enterprise_server 10
apple mac_os_x 10.6.0
apache portable_runtime *
freebsd freebsd *
CVE-2011-0539 MEDIUM

The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openbsd openssh 5.7
openbsd openssh 5.6
CVE-2011-1013 HIGH

Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
linux linux_kernel *
openbsd openbsd *
CVE-2011-2168 MEDIUM

Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
openbsd openbsd 4.6
openbsd openbsd 3.6
openbsd openbsd 2.3
openbsd openbsd 2.2
openbsd openbsd 4.1
openbsd openbsd 4.2
openbsd openbsd 2.9
openbsd openbsd 3.2
openbsd openbsd 2.0
openbsd openbsd 2.8
openbsd openbsd 2.6
openbsd openbsd 3.8
openbsd openbsd 2.1
openbsd openbsd 4.5
openbsd openbsd 4.7
openbsd openbsd 4.3
openbsd openbsd 3.3
openbsd openbsd 4.0
openbsd openbsd 2.5
openbsd openbsd 3.7
openbsd openbsd 3.9
openbsd openbsd 4.4
openbsd openbsd 3.5
openbsd openbsd 3.0
openbsd openbsd 3.4
openbsd openbsd *
openbsd openbsd 3.1
openbsd openbsd 2.7
CVE-2011-2895 HIGH

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
x libxfont 1.3.2
openbsd openbsd 3.6
x libxfont 1.2.3
x libxfont 1.3.0
openbsd openbsd 2.3
openbsd openbsd 2.2
x libxfont 1.2.9
x libxfont 1.2.0
openbsd openbsd 2.9
openbsd openbsd 3.2
openbsd openbsd 2.0
openbsd openbsd 2.8
openbsd openbsd 2.6
openbsd openbsd 2.1
x libxfont 1.2.1
x libxfont 1.2.5
x libxfont 1.2.6
x libxfont 1.3.3
x libxfont 1.2.4
x libxfont 1.3.1
x libxfont *
openbsd openbsd 3.3
x libxfont 1.2.2
x libxfont 1.4.0
x libxfont 1.4.2
openbsd openbsd 2.5
netbsd netbsd *
x libxfont 1.3.4
x libxfont 1.4.1
x libxfont 1.2.7
openbsd openbsd 3.5
openbsd openbsd 3.0
x libxfont 1.2.8
openbsd openbsd 3.4
openbsd openbsd *
openbsd openbsd 3.1
openbsd openbsd 2.7
freebsd freebsd *
freetype freetype 2.1.9
CVE-2011-5000 LOW

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

CVSS 2.0

Severity: LOW

Problem Type: CWE-189,

Products Affected

Vendor Product Version
openbsd openssh 3.2
openbsd openssh 3.0.1
openbsd openssh 5.3
openbsd openssh 3.0.1p1
openbsd openssh 3.6.1p2
openbsd openssh 5.2
openbsd openssh 1.2.3
openbsd openssh 4.4
openbsd openssh 5.4
openbsd openssh 5.7
openbsd openssh 4.9
openbsd openssh 4.8
openbsd openssh 3.7.1
openbsd openssh 3.8.1p1
openbsd openssh 3.8
openbsd openssh 3.4p1
openbsd openssh 5.5
openbsd openssh 3.7.1p1
openbsd openssh 1.2
openbsd openssh 4.1
openbsd openssh 4.2
openbsd openssh 4.6
openbsd openssh 4.1p1
openbsd openssh 3.5p1
openbsd openssh 4.4p1
openbsd openssh 4.5
openbsd openssh 3.6
openbsd openssh 3.7
openbsd openssh 4.2p1
openbsd openssh 3.8.1
openbsd openssh 1.2.1
openbsd openssh 4.0p1
openbsd openssh 4.0
openbsd openssh 1.5
openbsd openssh 3.1p1
openbsd openssh 1.2.2
openbsd openssh 4.3p1
openbsd openssh 3.9
openbsd openssh 3.0.2p1
openbsd openssh 3.1
openbsd openssh 5.0
openbsd openssh 3.0
openbsd openssh 3.0p1
openbsd openssh 3.3p1
openbsd openssh 4.3p2
openbsd openssh 3.9.1
openbsd openssh 3.2.3p1
openbsd openssh 3.3
openbsd openssh 5.1
openbsd openssh 3.7.1p2
openbsd openssh *
openbsd openssh 3.6.1p1
openbsd openssh 3.5
openbsd openssh 1.3
openbsd openssh 1.5.8
openbsd openssh 5.6
openbsd openssh 1.2.27
openbsd openssh 3.9.1p1
openbsd openssh 3.2.2
openbsd openssh 4.3
openbsd openssh 3.0.2
openbsd openssh 3.2.2p1
openbsd openssh 4.7
openbsd openssh 3.4
openbsd openssh 3.6.1
openbsd openssh 1.5.7
CVE-2012-0814 LOW

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
openbsd openssh 3.2
openbsd openssh 2.3
openbsd openssh 3.0.1
openbsd openssh 2.1
openbsd openssh 5.3
openbsd openssh 3.0.1p1
openbsd openssh 3.6.1p2
openbsd openssh 2.9p2
openbsd openssh 2
openbsd openssh 5.2
openbsd openssh 1.2.3
openbsd openssh 2.5.2
openbsd openssh 2.9.9
openbsd openssh 4.4
openbsd openssh 5.4
openbsd openssh 4.9
openbsd openssh 4.8
openbsd openssh 3.7.1
openbsd openssh 3.8.1p1
openbsd openssh 3.8
openbsd openssh 3.4p1
openbsd openssh 5.5
openbsd openssh 3.7.1p1
openbsd openssh 1.2
openbsd openssh 2.3.1
openbsd openssh 4.1
openbsd openssh 4.2
openbsd openssh 4.6
openbsd openssh 4.1p1
openbsd openssh 3.5p1
openbsd openssh 4.4p1
openbsd openssh 4.5
openbsd openssh 3.6
openbsd openssh 3.7
openbsd openssh 4.2p1
openbsd openssh 3.8.1
openbsd openssh 1.2.1
openbsd openssh 4.0p1
openbsd openssh 2.9.9p2
openbsd openssh 4.0
openbsd openssh 2.9
openbsd openssh 1.5
openbsd openssh 3.1p1
openbsd openssh 1.2.2
openbsd openssh 4.3p1
openbsd openssh 2.2
openbsd openssh 3.9
openbsd openssh 3.0.2p1
openbsd openssh 3.1
openbsd openssh 5.0
openbsd openssh 3.0
openbsd openssh 3.0p1
openbsd openssh 3.3p1
openbsd openssh 4.3p2
openbsd openssh 3.9.1
openbsd openssh 3.2.3p1
openbsd openssh 3.3
openbsd openssh 5.1
openbsd openssh 3.7.1p2
openbsd openssh *
openbsd openssh 3.6.1p1
openbsd openssh 3.5
openbsd openssh 1.3
openbsd openssh 2.1.1
openbsd openssh 2.9p1
openbsd openssh 1.5.8
openbsd openssh 1.2.27
openbsd openssh 3.9.1p1
openbsd openssh 3.2.2
openbsd openssh 4.3
openbsd openssh 3.0.2
openbsd openssh 3.2.2p1
openbsd openssh 2.5.1
openbsd openssh 4.7
openbsd openssh 2.5
openbsd openssh 3.4
openbsd openssh 3.6.1
openbsd openssh 1.5.7
CVE-2012-5663 MEDIUM

The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-459,

Products Affected

Vendor Product Version
openbsd textproc/isearch *
CVE-2013-2125 MEDIUM

OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
openbsd opensmtpd *
CVE-2013-4548 MEDIUM

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openbsd openssh 6.3
openbsd openssh 6.2
CVE-2014-1692 HIGH

The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2014-2532 MEDIUM

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openbsd openssh 6.3
openbsd openssh *
openbsd openssh 6.4
openbsd openssh 6.1
openbsd openssh 6.2
oracle communications_user_data_repository 10.0.1
openbsd openssh 6.0
CVE-2014-2653 MEDIUM

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openbsd openssh 6.3
openbsd openssh *
openbsd openssh 6.4
openbsd openssh 6.5
openbsd openssh 6.1
openbsd openssh 6.2
openbsd openssh 6.0
CVE-2014-7250 MEDIUM

The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openbsd openbsd 3.6
bsd bsd 4.3
netbsd netbsd 2.0
freebsd freebsd 5.4
CVE-2014-9278 MEDIUM

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openbsd openssh -
CVE-2014-9424 HIGH

Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd libressl *
CVE-2015-5333 MEDIUM

Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
openbsd libressl *
CVE-2015-5334 HIGH

Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
openbsd libressl *
CVE-2015-5352 MEDIUM

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2015-5600 HIGH

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2015-6563 LOW

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openbsd openssh *
apple mac_os_x *
CVE-2015-6564 MEDIUM

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2015-6565 HIGH

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openbsd openssh 6.8
openbsd openssh 6.9
CVE-2015-7687 HIGH

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 22
fedoraproject fedora 23
openbsd opensmtpd *
CVE-2015-8325 HIGH

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
openbsd openssh *
canonical ubuntu_touch 15.04
debian debian_linux 8.0
canonical ubuntu_core 15.04
debian debian_linux 7.0
canonical ubuntu_linux 12.04
CVE-2016-0777 MEDIUM

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openbsd openssh 5.3
sophos unified_threat_management_software 9.318
oracle linux 7
openbsd openssh 6.6
openbsd openssh 7.1
openbsd openssh 6.9
apple mac_os_x *
openbsd openssh 5.2
openbsd openssh 6.0
openbsd openssh 5.4
openbsd openssh 5.7
openbsd openssh 6.8
openbsd openssh 5.0
openbsd openssh 6.4
openbsd openssh 6.2
openbsd openssh 6.7
openbsd openssh 5.9
openbsd openssh 5.1
openbsd openssh 5.5
openbsd openssh 6.3
hp remote_device_access_virtual_customer_access_system *
openbsd openssh 5.8
oracle solaris 11.3
openbsd openssh 5.6
openbsd openssh 6.5
openbsd openssh 6.1
sophos unified_threat_management_software 9.353
openbsd openssh 7.0
CVE-2016-0778 MEDIUM

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openbsd openssh 6.3
oracle linux 7
openbsd openssh 6.6
openbsd openssh 5.8
openbsd openssh 7.1
openbsd openssh 6.9
oracle solaris 11.3
apple mac_os_x *
openbsd openssh 5.6
openbsd openssh 6.0
openbsd openssh 5.4
openbsd openssh 5.7
openbsd openssh 6.8
openbsd openssh 6.4
openbsd openssh 6.5
hp virtual_customer_access_system *
openbsd openssh 6.1
openbsd openssh 6.2
openbsd openssh 6.7
openbsd openssh 5.9
sophos unified_threat_management_software 9.353
openbsd openssh 7.0
openbsd openssh 5.5
CVE-2016-10009 HIGH

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2016-10010 MEDIUM

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2016-10011 LOW

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

CVSS 2.0

Severity: LOW

Problem Type: CWE-320,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2016-10012 HIGH

The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2016-10708 MEDIUM

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
openbsd openssh *
netapp vasa_provider -
debian debian_linux 8.0
canonical ubuntu_linux 16.04
debian debian_linux 7.0
netapp data_ontap_edge -
netapp oncommand_unified_manager *
netapp data_ontap -
netapp cloud_backup -
netapp storagegrid -
netapp clustered_data_ontap -
netapp service_processor -
netapp storagegrid_webscale -
canonical ubuntu_linux 18.04
CVE-2016-1907 MEDIUM

The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openbsd openssh 6.8
openbsd openssh 7.1
openbsd openssh 7.0
openbsd openssh 6.9
CVE-2016-1908 HIGH

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.4
oracle linux 7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 7.0
oracle linux 6
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.3
openbsd openssh *
redhat enterprise_linux_server 6.0
debian debian_linux 8.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_aus 7.2
CVE-2016-20012 MEDIUM

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh *
netapp ontap_select_deploy_administration_utility -
netapp clustered_data_ontap -
netapp hci_management_node -
netapp solidfire -
CVE-2016-3115 MEDIUM

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openssh *
oracle vm_server 3.2
CVE-2016-6210 MEDIUM

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2016-6239 MEDIUM

The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openbsd openbsd 5.8
openbsd openbsd 5.9
CVE-2016-6240 HIGH

Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
openbsd openbsd 5.8
openbsd openbsd 5.9
CVE-2016-6241 HIGH

Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
openbsd openbsd 5.8
openbsd openbsd 5.9
CVE-2016-6242 MEDIUM

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
openbsd openbsd 5.8
openbsd openbsd 5.9
CVE-2016-6243 MEDIUM

thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openbsd openbsd 5.8
openbsd openbsd 5.9
CVE-2016-6244 HIGH

The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openbsd openbsd 5.9
CVE-2016-6245 MEDIUM

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
openbsd openbsd 5.8
openbsd openbsd 5.9
CVE-2016-6246 MEDIUM

OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openbsd openbsd 5.8
openbsd openbsd 5.9
CVE-2016-6247 MEDIUM

OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openbsd openbsd 5.8
openbsd openbsd 5.9
CVE-2016-6350 MEDIUM

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
openbsd openbsd 5.8
openbsd openbsd 5.9
CVE-2016-6515 HIGH

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openbsd openssh *
fedoraproject fedora 24
CVE-2016-6522 MEDIUM

Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
openbsd openbsd 5.9
CVE-2016-8858 HIGH

The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openbsd openssh 6.8
openbsd openssh 7.2
openbsd openssh 7.1
openbsd openssh 7.0
openbsd openssh 6.9
openbsd openssh 7.3
CVE-2017-1000372 HIGH

A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2017-1000373 MEDIUM

The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2017-15906 MEDIUM

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
oracle sun_zfs_storage_appliance_kit 8.8.6
netapp active_iq_unified_manager -
redhat enterprise_linux_server 7.0
netapp virtual_storage_console 9.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.7
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
redhat enterprise_linux_eus 7.6
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_workstation 7.0
openbsd openssh *
debian debian_linux 8.0
netapp oncommand_unified_manager_core_package -
netapp solidfire -
netapp data_ontap_edge -
netapp virtual_storage_console *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap *
netapp cn1610_firmware -
netapp cloud_backup -
redhat enterprise_linux_desktop 7.0
netapp clustered_data_ontap -
netapp hci_management_node -
redhat enterprise_linux_server_tus 7.7
CVE-2017-5850 HIGH

httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-770,

Products Affected

Vendor Product Version
openbsd openbsd 6.0
CVE-2017-8301 LOW

LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.

CVSS 2.0

Severity: LOW

Problem Type: CWE-295,

Products Affected

Vendor Product Version
openbsd libressl 2.5.3
openbsd libressl 2.5.1
openbsd libressl 2.5.2
CVE-2018-12434 LOW

LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openbsd libressl 2.7.1
openbsd libressl *
openbsd libressl 2.7.3
openbsd libressl 2.7.0
openbsd libressl 2.7.2
CVE-2018-14775 MEDIUM

tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openbsd openbsd 6.3
openbsd openbsd 6.2
CVE-2018-15473 MEDIUM

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-362,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
oracle sun_zfs_storage_appliance_kit 8.8.6
canonical ubuntu_linux 16.04
siemens scalance_x204rna_firmware *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 7.0
netapp vasa_provider *
netapp data_ontap -
netapp aff_baseboard_management_controller -
netapp steelstore_cloud_integrated_storage -
netapp ontap_select_deploy -
netapp fas_baseboard_management_controller -
redhat enterprise_linux_workstation 7.0
openbsd openssh *
redhat enterprise_linux_server 6.0
debian debian_linux 8.0
redhat enterprise_linux_workstation 6.0
netapp storage_replication_adapter *
netapp data_ontap_edge -
netapp virtual_storage_console *
netapp oncommand_unified_manager *
netapp cn1610_firmware -
netapp cloud_backup -
redhat enterprise_linux_desktop 7.0
netapp clustered_data_ontap -
debian debian_linux 9.0
netapp service_processor -
canonical ubuntu_linux 18.04
CVE-2018-15919 MEDIUM

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openbsd openssh *
netapp cn1610_firmware -
netapp cloud_backup -
netapp ontap_select_deploy -
netapp data_ontap_edge -
netapp steelstore -
CVE-2018-20685 LOW

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
winscp winscp *
siemens scalance_x204rna_eec_firmware *
canonical ubuntu_linux 16.04
siemens scalance_x204rna_firmware *
redhat enterprise_linux_server_tus 8.2
fujitsu m12-1_firmware *
redhat enterprise_linux_eus 8.4
netapp storage_automation_store -
redhat enterprise_linux 7.0
fujitsu m12-2s_firmware *
netapp steelstore_cloud_integrated_storage -
netapp ontap_select_deploy -
fujitsu m10-1_firmware *
redhat enterprise_linux_server_aus 8.2
openbsd openssh *
oracle solaris 10
redhat enterprise_linux_server_aus 8.4
debian debian_linux 8.0
redhat enterprise_linux_eus 8.1
redhat enterprise_linux 8.0
fujitsu m12-2_firmware *
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.6
fujitsu m10-4s_firmware *
redhat enterprise_linux_eus 8.6
canonical ubuntu_linux 18.10
netapp cloud_backup -
fujitsu m10-4_firmware *
debian debian_linux 9.0
redhat enterprise_linux_server_tus 8.4
netapp element_software -
canonical ubuntu_linux 18.04
CVE-2018-8970 MEDIUM

The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
openbsd libressl 2.7.0
CVE-2019-14899 MEDIUM

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-300,NVD-CWE-Other,

Products Affected

Vendor Product Version
apple tvos *
freebsd freebsd -
apple macos 11.0
openbsd openbsd -
linux linux_kernel -
apple mac_os_x *
apple iphone_os *
apple ipados *
CVE-2019-16905 MEDIUM

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
openbsd openssh *
netapp cloud_backup -
siemens scalance_x204rna_ecc_firmware *
siemens scalance_x204rna_firmware *
netapp steelstore_cloud_integrated_storage -
CVE-2019-19519 MEDIUM

In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openbsd openbsd 6.6
CVE-2019-19520 MEDIUM

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
openbsd openbsd 6.6
CVE-2019-19521 HIGH

libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openbsd openbsd 6.6
CVE-2019-19522 HIGH

OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
openbsd openbsd 6.6
CVE-2019-19726 HIGH

OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2019-25048 MEDIUM

LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
openbsd libressl *
CVE-2019-25049 MEDIUM

LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
openbsd libressl *
CVE-2019-6109 MEDIUM

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-116,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
winscp winscp *
fedoraproject fedora 30
siemens scalance_x204rna_eec_firmware *
canonical ubuntu_linux 16.04
siemens scalance_x204rna_firmware *
redhat enterprise_linux_server_tus 8.2
fujitsu m12-1_firmware *
redhat enterprise_linux_eus 8.4
netapp storage_automation_store -
fujitsu m12-2s_firmware *
netapp ontap_select_deploy -
fujitsu m10-1_firmware *
redhat enterprise_linux_server_aus 8.2
openbsd openssh *
redhat enterprise_linux_server_aus 8.4
debian debian_linux 8.0
redhat enterprise_linux_eus 8.1
redhat enterprise_linux 8.0
fujitsu m12-2_firmware *
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.6
fujitsu m10-4s_firmware *
redhat enterprise_linux_eus 8.6
canonical ubuntu_linux 18.10
fujitsu m10-4_firmware *
debian debian_linux 9.0
redhat enterprise_linux_server_tus 8.4
netapp element_software -
canonical ubuntu_linux 18.04
CVE-2019-6110 MEDIUM

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-838,CWE-838,

Products Affected

Vendor Product Version
winscp winscp *
openbsd openssh *
netapp storage_automation_store -
siemens scalance_x204rna_eec_firmware *
siemens scalance_x204rna_firmware *
netapp element_software -
netapp ontap_select_deploy -
CVE-2019-6111 MEDIUM

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
freebsd freebsd 12.0
winscp winscp *
fedoraproject fedora 30
siemens scalance_x204rna_eec_firmware *
canonical ubuntu_linux 16.04
siemens scalance_x204rna_firmware *
redhat enterprise_linux_server_tus 8.2
fujitsu m12-1_firmware *
redhat enterprise_linux_eus 8.4
redhat enterprise_linux 7.0
fujitsu m12-2s_firmware *
fujitsu m10-1_firmware *
redhat enterprise_linux_server_aus 8.2
openbsd openssh *
redhat enterprise_linux_server_aus 8.4
debian debian_linux 8.0
redhat enterprise_linux_eus 8.1
redhat enterprise_linux 8.0
fujitsu m12-2_firmware *
apache mina_sshd 2.2.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.6
fujitsu m10-4s_firmware *
redhat enterprise_linux_eus 8.6
canonical ubuntu_linux 18.10
fujitsu m10-4_firmware *
debian debian_linux 9.0
redhat enterprise_linux_server_tus 8.4
freebsd freebsd *
canonical ubuntu_linux 18.04
CVE-2019-8460 MEDIUM

OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1049,NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2020-12062 MEDIUM

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openbsd openssh 8.2
CVE-2020-14145 MEDIUM

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,CWE-203,

Products Affected

Vendor Product Version
openbsd openssh *
netapp aff_a700s_firmware -
openbsd openssh 8.4
netapp solidfire -
netapp hci_compute_node -
netapp hci_storage_node -
openbsd openssh 8.5
netapp ontap_select_deploy_administration_utility -
netapp hci_management_node -
netapp steelstore_cloud_integrated_storage -
netapp active_iq_unified_manager *
openbsd openssh 8.6
CVE-2020-15778 MEDIUM

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
netapp hci_storage_node -
openbsd openssh 8.3
openbsd openssh *
netapp a700s_firmware -
netapp hci_management_node -
broadcom fabric_operating_system -
netapp steelstore_cloud_integrated_storage -
netapp solidfire -
netapp active_iq_unified_manager *
netapp hci_compute_node -
CVE-2020-16088 HIGH

iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openbsd openbsd *
CVE-2020-26142 LOW

An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-74,

Products Affected

Vendor Product Version
openbsd openbsd 6.6
CVE-2020-7247 HIGH

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-755,CWE-755,

Products Affected

Vendor Product Version
debian debian_linux 10.0
fedoraproject fedora 32
openbsd opensmtpd 6.6
debian debian_linux 9.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
CVE-2021-28041 MEDIUM

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
fedoraproject fedora 33
oracle communications_offline_mediation_controller 12.0.0.3.0
oracle zfs_storage_appliance 8.8
openbsd openssh *
netapp hci_storage_node_firmware -
netapp cloud_backup -
fedoraproject fedora 34
netapp hci_management_node -
netapp solidfire -
netapp hci_compute_node_firmware -
CVE-2021-34999

OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-14540.

Products Affected

Vendor Product Version
openbsd openbsd 6.9
CVE-2021-35000

OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-16112.

Products Affected

Vendor Product Version
openbsd openbsd 6.9
CVE-2021-36368 LOW

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
debian debian_linux 10.0
openbsd openssh *
debian debian_linux 9.0
debian debian_linux 11.0
CVE-2021-41581 MEDIUM

x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
openbsd libressl *
CVE-2021-41617 MEDIUM

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fedoraproject fedora 33
openbsd openssh *
netapp active_iq_unified_manager -
netapp solidfire -
oracle zfs_storage_appliance_kit 8.8
netapp ontap_select_deploy_administration_utility -
netapp aff_a250_firmware -
starwindsoftware starwind_virtual_san v8r13
fedoraproject fedora 34
oracle http_server 12.2.1.3.0
fedoraproject fedora 35
netapp clustered_data_ontap -
netapp hci_management_node -
netapp aff_500f_firmware -
oracle http_server 12.2.1.2.0
oracle http_server 12.2.1.4.0
CVE-2021-46880

x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.

Products Affected

Vendor Product Version
openbsd libressl *
openbsd openbsd *
CVE-2022-27881 MEDIUM

engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
openbsd openbsd 7.0
openbsd openbsd 6.9
CVE-2022-27882 MEDIUM

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-681,

Products Affected

Vendor Product Version
openbsd openbsd 7.0
openbsd openbsd 6.9
CVE-2022-48437

An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.

Products Affected

Vendor Product Version
openbsd libressl *
openbsd openbsd *
CVE-2023-27567

In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
openbsd openbsd 7.2
CVE-2023-28531

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
openbsd openssh *
netapp brocade_fabric_operating_system -
netapp solidfire_element_os -
netapp hci_bootstrap_os -
CVE-2023-29323

ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
opensmtpd opensmtpd *
openbsd openbsd 7.1
openbsd openbsd 7.2
CVE-2023-35784

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.

Products Affected

Vendor Product Version
openbsd openbsd 7.3
openbsd openbsd 7.2
openbsd libressl *
CVE-2023-38408

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Products Affected

Vendor Product Version
openbsd openssh *
openbsd openssh 9.3
fedoraproject fedora 38
fedoraproject fedora 37
CVE-2023-40216

OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openbsd openbsd 7.3
CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
winscp winscp *
apache sshj *
sftpgo_project sftpgo *
libssh libssh *
fedoraproject fedora 39
golang crypto *
tinyssh tinyssh *
connectbot sshlib *
lancom-systems lcos_fx -
microsoft powershell *
redhat openshift_gitops -
redhat openshift_serverless -
redhat openshift_data_foundation 4.0
netgate pfsense_plus *
putty putty *
redhat single_sign-on 7.0
apple macos *
crates thrussh *
trilead ssh2 6401
kitty_project kitty *
jadaptive maverick_synergy_java_ssh_api *
net-ssh net-ssh 7.2.0
apache sshd *
crushftp crushftp *
dropbear_ssh_project dropbear_ssh *
netsarang xshell_7 *
redhat enterprise_linux 8.0
redhat keycloak -
russh_project russh *
panic transmit_5 *
bitvise ssh_server *
lancom-systems lcos_sx 4.20
redhat ceph_storage 6.0
tera_term_project tera_term *
redhat jboss_enterprise_application_platform 7.0
redhat openshift_dev_spaces -
redhat storage 3.0
proftpd proftpd *
redhat cert-manager_operator_for_red_hat_openshift -
redhat openshift_api_for_data_protection -
lancom-systems lcos_lx -
lancom-systems lanconfig -
oryx-embedded cyclone_ssh *
gentoo security -
redhat advanced_cluster_security 4.0
lancom-systems lcos *
erlang erlang/otp *
matez jsch *
netgate pfsense_ce *
redhat advanced_cluster_security 3.0
fedoraproject fedora 38
redhat openshift_container_platform 4.0
debian debian_linux 10.0
redhat enterprise_linux 9.0
redhat openshift_developer_tools_and_services -
openbsd openssh *
redhat openstack_platform 16.1
redhat openstack_platform 17.1
redhat discovery -
paramiko paramiko *
ssh ssh *
bitvise ssh_client *
lancom-systems lcos_sx 5.20
roumenpetrov pkixssh *
asyncssh_project asyncssh *
redhat openshift_pipelines -
panic nova *
redhat openstack_platform 16.2
libssh2 libssh2 *
thorntech sftp_gateway_firmware *
ssh2_project ssh2 *
filezilla-project filezilla_client *
vandyke securecrt *
freebsd freebsd *
redhat openshift_virtualization 4
CVE-2023-51384

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
debian debian_linux 12.0
openbsd openssh *
debian debian_linux 11.0
CVE-2023-51385

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
debian debian_linux 12.0
debian debian_linux 10.0
openbsd openssh *
debian debian_linux 11.0
CVE-2023-52556

In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic.

Products Affected

Vendor Product Version
openbsd openbsd *
openbsd openbsd 7.4
CVE-2023-52557

In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length.

Products Affected

Vendor Product Version
openbsd openbsd 7.3
openbsd openbsd *
CVE-2023-52558

In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences.

Products Affected

Vendor Product Version
openbsd openbsd 7.3
openbsd openbsd *
openbsd openbsd 7.4
CVE-2024-10933

In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
9119a7d8-5eab-497f-8521-727c672e3725 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 1.3 3.6

Products Affected

Vendor Product Version
openbsd openbsd *
openbsd openbsd 7.4
CVE-2024-10934

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
9119a7d8-5eab-497f-8521-727c672e3725 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
openbsd openbsd 7.5
openbsd openbsd *
openbsd openbsd 7.4
CVE-2024-11148

In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
9119a7d8-5eab-497f-8521-727c672e3725 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
openbsd openbsd 7.3
openbsd openbsd *
openbsd openbsd 7.4
CVE-2024-11149

In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
9119a7d8-5eab-497f-8521-727c672e3725 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H 2.0 5.3

Products Affected

Vendor Product Version
openbsd openbsd *
openbsd openbsd 7.4
CVE-2024-29937

NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.

Products Affected

Vendor Product Version
freebsd freebsd 14.0
openbsd openbsd *
CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
debian debian_linux 12.0
freebsd freebsd 13.3
sonicwall sma_6200_firmware -
netapp a250_firmware -
arista eos *
netapp fas2720_firmware -
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
netapp ontap_tools 10
netapp a220_firmware -
netapp a1k_firmware -
openbsd openssh 4.4
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
netapp bootstrap_os -
sonicwall sra_ex_7000_firmware -
freebsd freebsd 14.0
netapp c250_firmware -
netapp 8300_firmware -
sonicwall sma_8200v_firmware -
netapp a9500_firmware -
apple macos *
openbsd openssh 8.6
netapp a700s_firmware -
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_server_aus 9.4
freebsd freebsd 13.2
netapp a900_firmware -
canonical ubuntu_linux 22.04
netapp fas2820_firmware -
sonicwall sma_7200_firmware -
netapp fas2750_firmware -
netapp a90_firmware -
netapp a800_firmware -
netapp c190_firmware -
netapp ontap 9
netapp 500f_firmware -
netapp a400_firmware -
netapp active_iq_unified_manager -
netapp a70_firmware -
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
canonical ubuntu_linux 23.10
redhat enterprise_linux_eus 9.4
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
openbsd openssh 8.5
canonical ubuntu_linux 23.04
sonicwall sma_6210_firmware -
netapp e-series_santricity_os_controller *
redhat openshift_container_platform 4.0
suse linux_enterprise_micro 6.0
canonical ubuntu_linux 22.10
redhat enterprise_linux 9.0
openbsd openssh *
sonicwall sma_7210_firmware -
amazon amazon_linux 2023.0
freebsd freebsd 14.1
netapp ontap_tools 9
almalinux almalinux 9.0
netapp a150_firmware -
netapp c400_firmware -
netbsd netbsd *
canonical ubuntu_linux 24.04
netapp c800_firmware -
netapp ontap_select_deploy_administration_utility -
netapp 8700_firmware -
amazon linux_2023 -
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2

Products Affected

Vendor Product Version
debian debian_linux 12.0
redhat enterprise_linux 9.0
openbsd openssh *
netapp ontap 9
openbsd openssh 6.8
netapp active_iq_unified_manager -
debian debian_linux 11.0
openbsd openssh 9.9
redhat openshift_container_platform 4.0
CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
debian debian_linux 12.0
openbsd openssh 9.5
canonical ubuntu_linux 24.04
openbsd openssh 9.7
debian debian_linux 11.0
openbsd openssh 9.9
openbsd openssh 9.8
debian debian_linux 13.0
openbsd openssh 9.6
canonical ubuntu_linux 24.10
CVE-2025-30334

In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
9119a7d8-5eab-497f-8521-727c672e3725 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
openbsd openbsd 7.6
openbsd openbsd 7.5
openbsd openbsd *
CVE-2025-32728

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N 2.0 1.4
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 2.5 1.4

Products Affected

Vendor Product Version
openbsd openssh *
debian debian_linux 11.0
CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2026-35386

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 3.6 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 1.0 2.5

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N 1.6 1.4

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2026-35388

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N 1.0 1.4

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2026-35414

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.2 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 1.6 2.5

Products Affected

Vendor Product Version
openbsd openssh *
CVE-2026-41285

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
openbsd openbsd *