The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the...

The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.

Buffer overflow in OpenBSD ping.

OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

OpenBSD kernel crash through TSS handling, as caused by the crashme program.

Denial of service in "poll" in OpenBSD.

OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.

A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.

Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.

FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then w...

FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), wh...

Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.

Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.

Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.

The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.

Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.