openbsd project

Top products

The 15 most recently published vulnerabilities affecting openbsd project.

• CVE-2026-41285In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd...4.3Apr 20, 2026
• CVE-2026-35414OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma ch...4.2Apr 2, 2026
• CVE-2026-32772telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.3.4Mar 13, 2026
• CVE-2025-61985ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.3.6Oct 6, 2025
• CVE-2025-61984ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untr...3.6Oct 6, 2025
• BDU:2025-10376Уязвимость функции ssh_packet_read_poll2() файла packet.c средства криптографической защиты OpenSSH, позволяющая нарушителю вызвать отказ в обслуживании7.5Aug 27, 2025
• CVE-2025-32728In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.4.3Apr 10, 2025
• CVE-2025-30334OpenBSD wg(4) kernel crash6.5Mar 20, 2025
• CVE-2025-26466Openssh: denial-of-service in openssh5.9Feb 28, 2025
• CVE-2025-26465Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled6.8Feb 18, 2025
• CVE-2024-11148OpenBSD httpd(8) null dereference7.5Dec 5, 2024
• CVE-2024-10934OpenBSD NFS double-free vulnerability9.8Nov 15, 2024
• CVE-2024-6409Openssh: possible remote code execution due to a race condition in signal handling affecting red hat enterprise linux 97.0Jul 8, 2024
• CVE-2024-39894OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing ...7.5Jul 2, 2024
• CVE-2024-6387Openssh: regresshion - race condition in ssh allows rce/dos8.1Jul 1, 2024