OpenBSD VuXML

Documenting security issues in the OpenBSD Ports & Packages Collection

Security issues that affect the OpenBSD Ports & Packages Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

VuXML ID index

[by package name] [by topic] [by CVE name] [by entry date] [by modified date] [by VuXML ID]
VuXML ID Topic
0393affc-68d8-11d9-9b34-00065bd5b0b6 unrtf -- buffer overflow vulnerability
046e2950-f28d-11d8-87d5-00304f19272c mysql-server -- insecure file creation in mysqlhotcopy
086072e4-c180-11d9-aaa3-00065bd5b0b6 gnutls -- denial of service vulnerability
08d1eaa2-a357-11d8-a9d2-00304f19272c exim -- buffer overflow when verify = header_syntax is used
08d4fef6-2032-11d9-9fa6-00065bd5b0b6 cyrus-sasl -- dynamic library loading and set-user-ID applications
0903c1ee-ed8f-11d8-85d9-00304f19272c jftpgw -- format string vulnerability
0dfcb310-0f38-11da-ba28-00065bd5b0b6 gaim -- remote execution of arbitrary code
0e1d83ba-e887-11d9-a1e0-00065bd5b0b6 clamav -- denial of service vulnerability
0e6e1208-1f6a-11d9-bd52-00065bd5b0b6 icecast -- HTTP header overflow
10085106-e2a5-11d9-824c-00065bd5b0b6 tor -- information disclosure vunlerability
1558170a-ffa5-11d9-ae9e-000b5d77b0f5 clamav -- multiple buffer overflows
1781a0b8-6fa5-11d9-8c73-080020fe8945 squid -- several vulnerabilites
194d4b1e-dcce-11d8-8ec2-00304f19272c samba -- potential buffer overrun with 'mangling method = hash'
1bb61f4e-e31c-11d8-835a-00304f19272c sox -- buffer overflows while handling malicious WAV files
23ac1dfa-9273-11d9-ac88-080020fe8945 mlterm -- integer overflow vulnerability
25d2ae6a-248b-11d9-9edf-00065bd5b0b6 gaim -- DOS and buffer overflow vulnerabilities
29a17ee2-6fd9-11d9-a77b-080020f8e4df exim -- two buffer overflow vulnerabilities
2b173998-7b9f-11d9-9d2e-080020f8e4df (X)emacs -- format string vulnerability
2c31b38c-a9c5-11d8-a4d3-00304f19272c cadaver -- buffer overflow in included libneon
304e1dec-b69a-11d9-bf80-00065bd5b0b6 p5-Convert-UUlib -- buffer overflow
3f170d64-84c9-11d9-bc42-00065bd5b0b6 mod_auth_radius -- remote integer overflow
3f283964-d905-11d9-b5e0-00065bd5b0b6 leafnode -- denial of service vulnerability
456f1b12-6a38-11d9-bc5d-00065bd5b0b6 xpdf -- multiple stack overflows in makeFileKey2();
477ae7a2-545c-11d9-b950-00065bd5b0b6 acroread -- mailListIsPdf() buffer overflow vulnerability
4a667f60-5468-11d9-a47f-00065bd5b0b6 mplayer -- multiple overflow vulnerabilites
4c7b5bd4-372c-11da-a14b-00065bd5b0b6 imap-uw -- buffer verflow vulnerability
4ccf3184-812c-11d9-b5a5-080020fe8945 mc -- multiple vulnerabilities
4d8e22dc-52ca-11d9-a89b-00065bd5b0b6 php5 -- multiple vulnerabilities
4d960e7a-9537-11d9-9fda-080020fe8945 xv -- filename handling vulnerability
52619d3a-9bf3-11d9-afb3-00065bd5b0b6 jabberd -- multiple vulnerabilities
531c3456-94dc-11d9-a433-080020fe8945 curl -- authentication buffer overflow vulnerability
5b0a3876-8d8e-11d8-9680-00304f19272c monit -- multiple vulnerabilities
5c518cb6-1159-11da-a4ba-000b5d77b0f5 acroread -- buffer overflow
5d1fded4-8ef3-11d8-8fa0-00304f19272c mysql -- insecure temporary file creation
5efb4690-6abb-11d9-99e9-00065bd5b0b6 mysql-server -- mysqlaccess insecure temporary file creation
62e68efa-2357-11d9-a317-00065bd5b0b6 bnc -- input validation flaw
63f4c28a-c85c-11d9-a130-00065bd5b0b6 nasm -- multiple vulnerabilities
682743ae-5774-11d9-8c22-080020f8e4df tetex -- buffer overflow vunerability in included xpdf
6892e9b2-9cf1-11d8-913e-00304f19272c libpng -- out of bound access
6b90f21a-c246-11d8-b7bd-00304f19272c aspell -- buffer overflow in word-list-compress
6b9d4376-9f4b-11d8-acd3-00304f19272c xonix -- failure to drop privileges
6be50b40-e72e-11d8-8bde-00304f19272c png -- stack-based buffer overflow and other code concerns
70857374-6c99-11d9-9b2f-00065bd5b0b6 cups -- stack overflow in included xpdf code
72004e00-3363-11d9-b968-00065bd5b0b6 bnc -- buffer overflow vulnerability
739b674e-7c75-11d9-8f68-080020fe8945 enscript -- multiple vulnerabilities
75ecb34c-cc7d-11d9-8e94-00065bd5b0b6 net-snmp -- fixproc insecure temporary file creation
7612fe54-b00c-11d9-9c1d-00065bd5b0b6 php5 -- multiple vulnerabilities
7d55ff5a-ffa7-11d9-a07e-000b5d77b0f5 vim -- modelines execute arbitrary shell code
7ede6b9a-8d8f-11d8-8738-00304f19272c mplayer -- heap overflow in http requests
7eeb6f46-a12d-11d8-8c01-00304f19272c mplayer -- buffer overflow in Real RTSP streaming
81639df2-efe8-11d8-a1f0-00304f19272c ruby -- insecure file permissions
81c7db10-4609-11d9-981c-00065bd5b0b6 zip -- long path buffer overflow
84dd64b0-72cc-11d9-a56c-00065bd5b0b6 evolution -- arbitrary code execution vulnerability
86ec9d8c-50ff-11d9-87a4-00065bd5b0b6 php4 -- multiple vulnerabilities
87443336-d787-11d8-97dd-00304f19272c php4 -- memory_limit remote vulnerability
8e8a1166-8432-11da-899e-00065bd5b0b6 clamav -- heap overflow in the UPX code
8f635e70-ee5c-11d8-8e25-00304f19272c rsync -- path-sanitizing bug that affects daemon mode if chroot is disabled
921f8a04-8d8f-11d8-a2c4-00304f19272c squid -- ACL bypass due to URL decoding bug
92248e4e-bd88-11d9-985a-00065bd5b0b6 leafnode -- denial of service vulnerability
9236ec86-a53e-11d9-b004-00065bd5b0b6 sylpheed -- message reply buffer overflow vulnerability
9317ac06-5441-11d9-8ad2-00065bd5b0b6 xpdf -- buffer overflow vunerability
96097a9c-c3d3-11d8-9e2f-00304f19272c pure-ftpd -- potential DoS when maximum connections is reached
96fd6bc2-7cb8-11d9-abaf-080020fe8945 gcpio -- broken file permissions
99158684-a791-11d9-93dc-00065bd5b0b6 gaim -- multiple vulnerabilities
9bf5aad8-ba14-11d9-9e14-00065bd5b0b6 ImageMagick -- ReadPNMImage() heap overflow vulnerability
9fc8eb84-5209-11d9-98b6-00065bd5b0b6 opera -- multiple vulnerabilities
a37de4b6-7a9d-11d9-b49f-080020fe8945 dante -- fd_set structure bitmap array index overflow
a48626fa-2509-11d9-a3b1-00065bd5b0b6 cabextract -- directory-traversal issue
a55ce9b2-720a-11d9-8a67-00065bd5b0b6 imap-uw -- inappropriate user authentication (CRAM-MD5)
a5fce9ae-aef5-11d8-a988-00304f19272c opera -- telnet URI handler file creation/truncation vulnerability
a7ce7b3c-136a-11da-bb92-00065bd5b0b6 openvpn -- several vulnerabilities
a917147c-cd02-11d8-bfb3-00304f19272c mailman -- member password disclosure vulnerability
aee27100-fcf2-11d9-b3c7-00065bd5b0b6 fetchmail -- remote code injection vulnerability
af6d7600-eaf6-11d9-99db-00065bd5b0b6 tor -- server disregards exit policies
b552a55a-136d-11da-a0d4-00065bd5b0b6 pcre -- heap overflow
b735b5b2-7b7c-11d9-b18e-080020fe8945 mailman -- directory traversal vulnerability
b77e53aa-cf9f-11d8-b426-00304f19272c png -- buffer overflow vulnerability on the row buffers
b9d96cbe-f2d2-11d9-82d5-00065bd5b0b6 php4-pear -- PHP script injection vulnerability
ba5cd8e4-7788-11d9-bdc2-080020f8e4df postgresql -- privilege escalation via LOAD
bd003c68-9ae1-11d9-862b-00065bd5b0b6 grip -- CDDB response multiple matches buffer overflow vulnerability
be6057f4-9ecf-11d9-82a1-00065bd5b0b6 gnupg -- OpenPGP protocol attack
c3abac88-d029-11d8-92cb-00304f19272c opera -- frame injection vulnerability
c606260a-aa87-11d9-8af3-00065bd5b0b6 rsnapshot -- local privilege escalation
c6f452e8-b00a-11d9-825c-00065bd5b0b6 php4 -- multiple vulnerabilities
ccd8f644-a9c3-11d8-b3ce-00304f19272c neon -- buffer overflow
cf9986f2-cd8d-11d9-a230-00065bd5b0b6 squid -- multiple vulnerabilities
cfaf74c2-92c3-11d8-94fd-00304f19272c neon -- format string vulnerabilities
d045aeb6-9ea6-11d9-9623-00065bd5b0b6 tiff -- multiple vulnerabilities
d47b6772-6f81-11d9-909c-080020fe8945 mailman -- cross-site scripting vulnerability
d79a032a-2763-11d9-a0f4-00065bd5b0b6 xpdf -- integer overflow vulnerabilities
d9ee77da-c3f0-11d9-b2f0-00065bd5b0b6 gaim -- multiple vulnerabilities
dd10c062-a029-11d8-b3db-00304f19272c lha -- buffer overflows and path traversal issues
e362ef7a-043d-11da-a2dc-000b5d77b0f5 jabberd -- buffer overflow vulnerabilities
e5d8e2be-0825-11da-a6c1-00065bd5b0b6 tor -- critical security bug
e6b4a1ae-9404-11d9-8c05-080020fe8945 libexif -- buffer overflow vulnerability
e80d814e-e9b6-11d9-a5c1-00065bd5b0b6 ruby -- arbitrary command execution on XMLRPC server
e9b45990-abff-11d9-a42d-080020f8e4df xv -- multiple buffer overflows
ef3340d0-8e40-11d8-8539-00304f19272c cadaver -- format string vulnerabilities
f007c016-f128-11d9-b34e-080020f8e4df p5-Mail-SpamAssassin -- denial of service vulnerability
f009a996-5c98-11d9-b1e2-080020f8e4df gnomevfs -- unsafe URI handling
f46673fc-84e8-11d9-abde-080020fe8945 unace -- multiple buffer overflows
f5663aea-248e-11d9-8d81-00065bd5b0b6 squid -- SNMP related denial of service
fda7f504-7777-11d9-8045-080020f8e4df opera -- Data URLs with executables and misleading download dialog
fed84e4c-ffa8-11d9-b09a-000b5d77b0f5 opera -- multiple vulnerabilities
ff473784-f80c-11d8-a555-00304f19272c kdelibs -- konqueror cross-domain cookie injection

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.