CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 1CVE-2023-38283
https://notcve.org/view.php?id=CVE-2023-38283
29 Aug 2023 — In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006. • https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-46880
https://notcve.org/view.php?id=CVE-2021-46880
14 Apr 2023 — x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded. • https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt • CWE-295: Improper Certificate Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48437
https://notcve.org/view.php?id=CVE-2022-48437
12 Apr 2023 — An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate. • https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-27882
https://notcve.org/view.php?id=CVE-2022-27882
25 Mar 2022 — slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation. slaacd en OpenBSD versiones 6.9 y 7.0 anteriores a 22-03-2022, presenta un error de firma de enteros y un desbordamiento de búfer resultante en la región heap de la memoria que puede ser desencadenado por un anuncio de enrutador IPv6 diseñado. NOTA: la separación de privileg... • https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-27881
https://notcve.org/view.php?id=CVE-2022-27881
25 Mar 2022 — engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation. El archivo engine.c en slaacd en OpenBSD versiones 6.9 y 7.0 anteriores a 21-02-2022, presenta un desbordamiento de búfer desencadenable por un anuncio de enrutador IPv6 con más de siete servidores de nombre. NOTA: la separación de privilegios y la protección pueden prevenir la explotaci... • https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 2CVE-2010-4816
https://notcve.org/view.php?id=CVE-2010-4816
22 Jun 2021 — It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service. Se encontró en FreeBSD versiones 8.0, 6.3 y 4.9, y en OpenBSD versiones 4.6 que una desreferencia de puntero null en el archivo ftpd/popen.c puede conllevar a una denegación de servicio remota del servicio ftpd • https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144761 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 5%CPEs: 111EXPL: 1CVE-2004-1471 – CVS 1.11.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1471
31 Dec 2004 — Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. • https://www.exploit-db.com/exploits/24182 •
CVSS: 9.1EPSS: 7%CPEs: 47EXPL: 0CVE-2004-1082
https://notcve.org/view.php?id=CVE-2004-1082
03 Feb 2004 — mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. • http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html •