CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-6240
https://notcve.org/view.php?id=CVE-2016-6240
Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. Error de truncamiento de entero en la función amap_alloc en OpenBSD 5.8 y 5.9 permite a usuarios locales ejecutar código arbitrario con privilegios del kernel a través de un valor de gran tamaño. • http://www.openbsd.org/errata58.html http://www.openbsd.org/errata59.html http://www.openwall.com/lists/oss-security/2016/07/14/5 http://www.openwall.com/lists/oss-security/2016/07/17/7 http://www.securityfocus.com/bid/91805 http://www.securitytracker.com/id/1036318 • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2016-6350
https://notcve.org/view.php?id=CVE-2016-6350
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9. OpenBSD 5.8 y 5.9 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y pánico) a través de una llamada sysctl con una ruta que comienza con 10,9. • http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/kern/vfs_subr.c.diff?r1=1.248&r2=1.249 http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/tmpfs/tmpfs_vfsops.c.diff?r1=1.9&r2=1.10 http://www.openwall.com/lists/oss-security/2016/07/26/6 http://www.openwall.com/lists/oss-security/2016/07/26/8 http://www.securityfocus.com/bid/92140 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-6247
https://notcve.org/view.php?id=CVE-2016-6247
OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist. OpenBSD 5.8 y 5.9 permite a ciertos usuarios locales provocar una denegación de servicio (pánico en el kernel) desmontando un sistema de archivos con un vnode abierto en el mnt_vnodelist. • http://www.openbsd.org/errata58.html http://www.openbsd.org/errata59.html http://www.openwall.com/lists/oss-security/2016/07/14/5 http://www.openwall.com/lists/oss-security/2016/07/17/7 http://www.securityfocus.com/bid/91805 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-6244
https://notcve.org/view.php?id=CVE-2016-6244
The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value. La función sys_thrsigdivert en kern/kern_sig.c en el kernel OpenBSD 5.9 permite a atacantes remotos provocar una denegación de servicio (pánico) a través de un valor "ts.tv_sec" negativo. • http://www.openwall.com/lists/oss-security/2016/07/17/7 http://www.securityfocus.com/bid/91805 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 3CVE-2017-5850 – OpenBSD HTTPd < 6.0 - Memory Exhaustion Denial of Service
https://notcve.org/view.php?id=CVE-2017-5850
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header. httpd en OpenBSD permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de una serie de peticiones para un archivo grande utilizando un encabezado HTTP Range. OpenBSD HTTP server versions up to 6.0 suffer from a denial of service vulnerability. • https://www.exploit-db.com/exploits/41278 http://marc.info/?l=openbsd-cvs&m=148587359420912&w=2 http://packetstormsecurity.com/files/140944/OpenBSD-HTTP-Server-6.0-Denial-Of-Service.html http://seclists.org/fulldisclosure/2017/Feb/15 http://www.openwall.com/lists/oss-security/2017/02/02/6 http://www.securityfocus.com/bid/95997 http://www.securitytracker.com/id/1037758 https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/034_httpd.patch.sig https://ftp.openbsd.or • CWE-770: Allocation of Resources Without Limits or Throttling •