The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of OpenBSD

vulnerability note 28374

OpenBSD: memory leak via unveil

Synthesis of the vulnerability

An attacker can create a memory leak via unveil() of OpenBSD, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 28/01/2019.
Identifiers: VIGILANCE-VUL-28374.

Description of the vulnerability

An attacker can create a memory leak via unveil() of OpenBSD, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 28373

OpenBSD: denial of service via NFS

Synthesis of the vulnerability

An attacker can trigger a fatal error via NFS of OpenBSD, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user account.
Creation date: 28/01/2019.
Identifiers: VIGILANCE-VUL-28373.

Description of the vulnerability

An attacker can trigger a fatal error via NFS of OpenBSD, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 28372

OpenBSD: information disclosure via mincore

Synthesis of the vulnerability

A local attacker can read a memory fragment via mincore() of OpenBSD, in order to obtain sensitive information.
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 28/01/2019.
Identifiers: VIGILANCE-VUL-28372.

Description of the vulnerability

A local attacker can read a memory fragment via mincore() of OpenBSD, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 28102

OpenBSD: buffer overflow via setsockopt

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via setsockopt() of OpenBSD, in order to trigger a denial of service, and possibly to run code.
Impacted products: OpenBSD.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 27/12/2018.
Identifiers: VIGILANCE-VUL-28102.

Description of the vulnerability

An attacker can trigger a buffer overflow via setsockopt() of OpenBSD, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 28052

OpenBSD: assertion error via recv MSG_WAITALL

Synthesis of the vulnerability

An attacker can force an assertion error via recv() MSG_WAITALL of OpenBSD, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 19/12/2018.
Identifiers: VIGILANCE-VUL-28052.

Description of the vulnerability

An attacker can force an assertion error via recv() MSG_WAITALL of OpenBSD, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note 27924

OpenBSD 6.4: denial of service via Qcow2 4GB Write

Synthesis of the vulnerability

An attacker can generate a fatal error via Qcow2 4GB Write of OpenBSD 6.4, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 30/11/2018.
Identifiers: VIGILANCE-VUL-27924.

Description of the vulnerability

An attacker can generate a fatal error via Qcow2 4GB Write of OpenBSD 6.4, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 27923

OpenBSD: memory leak via Sockets SCM_RIGHTS MSG_PEEK

Synthesis of the vulnerability

An attacker can create a memory leak via Sockets SCM_RIGHTS MSG_PEEK of OpenBSD, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 30/11/2018.
Identifiers: VIGILANCE-VUL-27923.

Description of the vulnerability

An attacker can create a memory leak via Sockets SCM_RIGHTS MSG_PEEK of OpenBSD, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-18314

Perl Core: buffer overflow via S_regatom

Synthesis of the vulnerability

An attacker can generate a buffer overflow via S_regatom() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Snap Creator Framework, OpenBSD, openSUSE Leap, Solaris, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: bulletinapr2019, CVE-2018-18314, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27919.

Description of the vulnerability

An attacker can generate a buffer overflow via S_regatom() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-18313

Perl Core: out-of-bounds memory reading via S_grok_bslash_N

Synthesis of the vulnerability

An attacker can force a read at an invalid address via S_grok_bslash_N() of Perl Core, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Mac OS X, Debian, Fedora, Snap Creator Framework, OpenBSD, openSUSE Leap, Solaris, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: 133192, bulletinapr2019, CVE-2018-18313, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, HT209600, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27918.

Description of the vulnerability

An attacker can force a read at an invalid address via S_grok_bslash_N() of Perl Core, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-18312

Perl Core: buffer overflow via Regular Expression Compilation

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Regular Expression Compilation of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Snap Creator Framework, OpenBSD, openSUSE Leap, Solaris, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: 133423, bulletinapr2019, CVE-2018-18312, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27917.

Description of the vulnerability

An attacker can generate a buffer overflow via Regular Expression Compilation of Perl Core, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about OpenBSD: