CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2005-0960
https://notcve.org/view.php?id=CVE-2005-0960
03 Apr 2005 — Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c OpenBSD 3.5 and 3.6 allow remote attackers to cause a denial of service (memory exhaustion or system crash). • http://securitytracker.com/id?1013611 •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2005-0637
https://notcve.org/view.php?id=CVE-2005-0637
04 Mar 2005 — The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory. • http://secunia.com/advisories/14432 •
CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 1CVE-2005-0740
https://notcve.org/view.php?id=CVE-2005-0740
13 Jan 2005 — The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout. • http://secunia.com/advisories/13819 •
CVSS: 9.8EPSS: 2%CPEs: 111EXPL: 1CVE-2004-1471 – CVS 1.11.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1471
31 Dec 2004 — Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. • https://www.exploit-db.com/exploits/24182 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2338
https://notcve.org/view.php?id=CVE-2004-2338
31 Dec 2004 — OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions. • http://www.openbsd.org/errata33.html •
CVSS: 8.1EPSS: 7%CPEs: 2EXPL: 0CVE-2004-2069
https://notcve.org/view.php?id=CVE-2004-2069
31 Dec 2004 — sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). • http://marc.info/?l=openssh-unix-dev&m=107520317020444&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2004-2230
https://notcve.org/view.php?id=CVE-2004-2230
31 Dec 2004 — Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. • http://secunia.com/advisories/13443 •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2004-2163
https://notcve.org/view.php?id=CVE-2004-2163
31 Dec 2004 — login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies. • http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2004-1799
https://notcve.org/view.php?id=CVE-2004-1799
31 Dec 2004 — PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces. • http://marc.info/?l=full-disclosure&m=107331321302113&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2760
https://notcve.org/view.php?id=CVE-2004-2760
31 Dec 2004 — sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnera... • http://archive.cert.uni-stuttgart.de/bugtraq/2004/04/msg00162.html • CWE-16: Configuration •