Known Vulnerabilities for products from Openbsd
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openbsd".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33306 | Not Provided | 2026-03-24 | 2026-03-24 | |
| CVE-2021-41617 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation bec... | 7 - HIGH | 2021-09-26 | 2023-12-26 |
| CVE-2021-41581 | x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer ov... | 5.5 - MEDIUM | 2021-09-24 | 2021-09-29 |
| CVE-2021-36368 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 3.7 - LOW | 2022-03-13 | 2023-11-07 |
| CVE-2021-28041 | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained ... | 7.1 - HIGH | 2021-03-05 | 2023-11-07 |
| CVE-2020-26142 | An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as... | 5.3 - MEDIUM | 2021-05-11 | 2021-12-03 |
| CVE-2020-16088 | iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking ... | 9.8 - CRITICAL | 2020-07-28 | 2022-01-04 |
| CVE-2020-15778 | ** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backt... | 7.8 - HIGH | 2020-07-24 | 2023-11-07 |
| CVE-2020-14145 | The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm nego... | 5.9 - MEDIUM | 2020-06-29 | 2022-04-28 |
| CVE-2020-12062 | ** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call fa... | 7.5 - HIGH | 2020-06-01 | 2023-11-07 |
| CVE-2020-7247 | smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execu... | 9.8 - CRITICAL | 2020-01-29 | 2023-11-07 |
| CVE-2019-25049 | LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). | 7.1 - HIGH | 2021-07-01 | 2021-07-08 |
| CVE-2019-25048 | LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_... | 7.1 - HIGH | 2021-07-01 | 2021-07-08 |
| CVE-2019-19726 | OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defe... | 7.8 - HIGH | 2019-12-12 | 2023-10-06 |
| CVE-2019-19522 | OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become ro... | 7.8 - HIGH | 2019-12-05 | 2020-08-24 |
| CVE-2019-19521 | libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. T... | 9.8 - CRITICAL | 2019-12-05 | 2019-12-12 |
| CVE-2019-19520 | xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environmen... | 7.8 - HIGH | 2019-12-05 | 2020-08-24 |
| CVE-2019-19519 | In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a log... | 7.8 - HIGH | 2019-12-05 | 2021-07-21 |
| CVE-2019-16905 | OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer ove... | 7.8 - HIGH | 2019-10-09 | 2023-03-01 |
| CVE-2019-14899 | A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or a... | 7.4 - HIGH | 2019-12-11 | 2023-03-01 |