
1462 matches found

Cvelist
added 2026/04/08 8:26 p.m. | 14 views

CVE-2026-39883 OpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijacking

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

7.3 CVSS | 0.00009 EPSS
Exploits: 1 | References: 2

Github Security Blog
added 2026/04/08 7:22 p.m. | 5 views

opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

Summary: The fix for GHSA-9h8m-3fm2-qjrq (CVE-2026-24051) changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause: sdk/resource/hostid.go line 42: if result, err :=...

7.3 CVSS | 6 AI score | 0.00017 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2026/02/26 2:39 a.m. | 1 views

EUVD-2026-8832

Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13...

9.3 CVSS | 6.1 AI score | 0.00088 EPSS
Exploits: 0 | References: 2

OSV
added 2026/02/26 2:39 a.m. | 2 views

CVE-2026-27975 Ajenti has a potential Remote Code Execution

Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13...

9.3 CVSS | 6.3 AI score | 0.00088 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/01/27 12:0 a.m. | 2 views

Beckhoff Automation's various products have a vulnerability regarding input validation errors.

Beckhoff Automation products such as Beckhoff.Device.Manager.XAR are developed by the American company Beckhoff Automation. Beckhoff.Device.Manager.XAR is a core component used for remote management and controller configuration. The Beckhoff Automation MDP software package for TwinCAT/BSD is a co...

8.8 CVSS | 6.2 AI score | 0.00351 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 11:41 a.m. | 4 views

CVE-2001-1541

Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument...

7.2 CVSS | 7.9 AI score | 0.0026 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:43 a.m. | 8 views

CVE-1999-0061

File creation and deletion, and remote execution, in the BSD line printer daemon lpd...

5.1 CVSS | 7.1 AI score | 0.01661 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:43 a.m. | 5 views

CVE-1999-0304

mmap function in BSD allows local attackers in the kmem group to modify memory through devices...

7.2 CVSS | 6.7 AI score | 0.0006 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:43 a.m. | 6 views

CVE-1999-0674

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve...

7.2 CVSS | 6.7 AI score | 0.00357 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:42 a.m. | 10 views

CVE-1999-0001

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets...

5 CVSS | 6.9 AI score | 0.00988 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:37 a.m. | 10 views

CVE-1999-0305

The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP...

5 CVSS | 7 AI score | 0.0073 EPSS
Exploits: 0 | References: 1

Fedora
added 2025/12/20 12:57 a.m. | 5 views

[SECURITY] Fedora 43 Update: uriparser-1.0.0-1.fc43

Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license...

2.9 CVSS | 7 AI score | 0.00007 EPSS
Exploits: 0

Tenable Nessus
added 2025/10/24 12:0 a.m. | 3 views

FreeBSD : RT -- CSV injection (b374df95-afa8-11f0-b4c8-792b26d8a051)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b374df95-afa8-11f0-b4c8-792b26d8a051 advisory. Gareth Watkin-Jones from 4armed reports: RT is vulnerable to CSV injection via ticket values with speci...

2.6 CVSS | 5.6 AI score | 0.00006 EPSS
Exploits: 0 | References: 3

Metasploit
added 2025/10/15 6:57 p.m. | 401 views

Periodic Script Persistence

This module will achieve persistence by writing a script to the /etc/periodic directory. According to The Art of Mac Malware no such malware species persist in this manner 2024. This payload requires root privileges to run. This module can be run on BSD, OSX or Arch Linux. Module Options msf use...

5.4 AI score
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2000-0986

Malware in sbrugna...

10 CVSS | 8 AI score | 0.00418 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-1999-1452

Malware in sbrugna...

7.2 CVSS | 6.4 AI score | 0.01879 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-7480

Malware in sbrugna...

9.8 CVSS | 9.3 AI score | 0.01551 EPSS
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2000-0093

Malware in sbrugna...

7.2 CVSS | 6.4 AI score | 0.00397 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2000-0980

Malware in sbrugna...

7.2 CVSS | 6.4 AI score | 0.0023 EPSS
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-1999-1195

Malware in sbrugna...

2.1 CVSS | 6.4 AI score | 0.00081 EPSS
Exploits: 0 | References: 5