openbsd

349 tracked vulnerabilities.

CVE-2025-26466 MEDIUM
OpenSSH - Denial of Service via Ping Packet Memory Exhaustion
Feb 28, 2025
CVSS 5.9
EPSS 0.38
CVE-2025-26465 MEDIUM
OpenSSH 6.9-9.7 - Machine-in-the-Middle Attack via VerifyHostKeyDNS Error Handling
Feb 18, 2025
CVSS 6.8
EPSS 0.07
CVE-2024-11149 HIGH
OpenBSD < 7.4 - Denial of Service via vmm(4) GDTR Limits Restoration
Dec 06, 2024
CVSS 7.9
EPSS 0.00
CVE-2024-11148 HIGH
OpenBSD < 7.3 - NULL Pointer Dereference in httpd FastCGI Request Handling
Dec 05, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-10933 MEDIUM
OpenBSD < 7.4 - Path Traversal via Untrusted File System readdir
Dec 05, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-10934 CRITICAL
OpenBSD < 7.4 - Double Free in NFS Client and Server Implementation
Nov 15, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-6387 HIGH
OpenSSH - DoS
Jul 01, 2024
CVSS 8.1
EPSS 1.00
CVE-2024-29937 CRITICAL
OpenBSD and FreeBSD NFS - Remote Code Execution
Apr 11, 2024
CVSS 9.8
EPSS 0.02
CVE-2023-52558 HIGH
OpenBSD < 7.3 - Denial of Service via Network Buffer Split Handling
Mar 01, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-52557 HIGH
OpenBSD < 7.3 - Denial of Service via L2TP AVP Length Mismatch
Mar 01, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-52556 MEDIUM
OpenBSD < 7.4 - Denial of Service via pf(4) State Expiration Race Condition
Mar 01, 2024
CVSS 6.2
EPSS 0.00
CVE-2023-51767 HIGH
OpenSSH through 10.0 - Authentication Bypass via Row Hammer Bit Flip
Dec 24, 2023
CVSS 7.0
EPSS 0.01
CVE-2023-51385 MEDIUM
OpenSSH < 9.6 - OS Command Injection via Shell Metacharacters in Username or Hostname
Dec 18, 2023
CVSS 6.5
EPSS 0.20
CVE-2023-51384 MEDIUM
OpenSSH <9.6 - Privilege Escalation
Dec 18, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-48795 MEDIUM NUCLEI
OpenSSH <9.6 - Open Redirect
Dec 18, 2023
CVSS 5.9
EPSS 0.93
CVE-2023-40216 MEDIUM
OpenBSD 7.3 - Denial of Service via Crafted DCS or CSI Terminal Escape Sequences
Aug 10, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-38408 CRITICAL
OpenSSH < 9.3p2 - Remote Code Execution via PKCS#11 Untrusted Search Path
Jul 20, 2023
CVSS 9.8
EPSS 0.77
CVE-2023-35784 CRITICAL
LibreSSL < 3.6.3 and 3.7.x < 3.7.3 - Use-After-Free in SSL_clear
Jun 16, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-29323 HIGH
OpenSMTPD < 7.0.0 - Denial of Service via Local Scoped IPv6 Address Handling
Apr 04, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-28531 CRITICAL
OpenSSH <9.3 - Privilege Escalation
Mar 17, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-27567 HIGH
OpenBSD 7.2 - Denial of Service via TCP Packet with Destination Port 0
Mar 03, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25136 MEDIUM
OpenSSH 9.1 - Unauthenticated Double Free in KEX Algorithms Handling
Feb 03, 2023
CVSS 6.5
EPSS 0.90
CVE-2022-48437 MEDIUM
LibreSSL < 3.6.1 and OpenBSD < 7.2 - Improper Certificate Validation in x509_verify_ctx_add_chain
Apr 12, 2023
CVSS 5.3
EPSS 0.00
CVE-2022-27882 HIGH
OpenBSD 6.9-7.0 - Heap-Based Buffer Overflow in slaacd via IPv6 Router Advertisement
Mar 25, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-27881 HIGH
OpenBSD 6.9-7.0 - Buffer Overflow in slaacd via IPv6 Router Advertisement
Mar 25, 2022
CVSS 7.5
EPSS 0.02