
CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Mar 2025 — In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/015_wg.patch.sig • CWE-131: Incorrect Calculation of Buffer Size •

CVSS: 7.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Dec 2024 — In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/014_vmm.patch.sig •

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Dec 2024 — In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/022_readdir.patch.sig • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Dec 2024 — In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/020_httpd.patch.sig • CWE-476: NULL Pointer Dereference •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Nov 2024 — In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig • CWE-415: Double Free •

CVSS: 7.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

20 Aug 2024 — cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring. • https://github.com/vixie/cron/commit/9cc8ab1087bb9ab861dd5595c41200683c9f6712 • CWE-787: Out-of-bounds Write •

CVSS: 10.0 • EPSS: 2% • CPEs: 2 • EXPL: 0

21 Mar 2024 — NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. • https://news.ycombinator.com/item?id=39778203 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Mar 2024 — In OpenBSD 7.3 before errata 016, npppd(8) could be crashed by an l2tp message which has an AVP (Attribute-Value Pair) with wrong length. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/016_npppd.patch.sig • CWE-131: Incorrect Calculation of Buffer Size • CWE-805: Buffer Access with Incorrect Length Value •

CVSS: 5.3 • EPSS: 0% • CPEs: 8 • EXPL: 1

29 Aug 2023 — In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006. • https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 5.5 • EPSS: 0% • CPEs: 14 • EXPL: 0

10 Aug 2023 — OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/014_wscons.patch.sig • CWE-862: Missing Authorization •