CVSS: 5.0 | EPSS: 4% | CPEs: 17 | EXPL: 1

The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.

• http://secunia.com/advisories/13819
• http://securitytracker.com/id?1012861
• http://www.openbsd.org/errata35.html
• http://www.securityfocus.com/bid/12250

CVSS: 7.1 | EPSS: 1% | CPEs: 111 | EXPL: 1

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

• https://www.exploit-db.com/exploits/24182
• ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc
• http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html
• http://security.e-matters.de/advisories/092004.html
• http://www.securityfocus.com/bid/10499
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16365

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

OpenBSD 3.3 and 3.4 do not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.

• http://www.openbsd.org/errata33.html
• http://www.openbsd.org/errata34.html
• http://www.securityfocus.com/bid/9867

CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.

• http://marc.info/?l=full-disclosure&m=107331321302113&w=2
• http://www.osvdb.org/19105
• http://www.securityfocus.com/bid/9362

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

• http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html
• http://secunia.com/advisories/12617
• http://www.openbsd.org/errata35.html#radius
• http://www.osvdb.org/10203
• http://www.reseau.nl/advisories/0400-openbsd-radius.txt
• http://www.securityfocus.com/bid/11227
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17456