EUVD-2019-9137

Malware in sbrugna...

CVE-2019-19521

libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/authsubr.c and gen/authenticate.c in libc and login/login.c and xenocara/app/xenodm/greeter/verify.c...

CVE-2019-19519

In OpenBSD 6.6, local users can use the su -L option to achieve any login class often excluding root because there is a logic error in the main function in su/su.c...

EulerOS Virtualization 3.0.6.0 : kernel (EulerOS-SA-2022-2566)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require th...

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2022-1735)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Group Temporal Key GTK during the group key handshake, allowing an attacker...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9459)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9459 advisory. - fs/namespace.c: fix mountpoint reference counter race Piotr Krysiuk Orabug: 33369433 CVE-2020-12114 CVE-2020-12114 - btrfs: only search for...

OpenBSD 注入漏洞

OpenBSD is a cross-platform, BSD-based UNIX-like operating system from the Canadian OpenBSD Openbsd project team. A security vulnerability exists in OpenBSD version 6.6. An attacker can inject arbitrary network packets independent of the network configuration...

OpenBSD OpenSMTPD 6.6 Remote Code Execution Exploit

smtpmailaddr in smtpsession.c in OpenSMTPD version 6.6, as used in OpenBSD version 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default...

Input validation

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

OpenBSD 6.6 Multiple Authentication Bypass Vulnerabilities

Binary data openbsdauthbypass.nbin...

CVE-2019-19726

OpenBSD through 6.6 allows local users to escalate to root because a check for LDLIBRARYPATH in setuid programs can be defeated by setting a very small RLIMITDATA resource limit. When executing chpass or passwd which are setuid root, dlsetupenv in ld.so tries to strip LDLIBRARYPATH from the...

Qualys Security Advisory - OpenBSD Dynamic Loader Privilege Escalation

Qualys Security Advisory Local Privilege Escalation in OpenBSD's dynamic loader CVE-2019-19726 ============================================================================== Contents ============================================================================== Summary Analysis Demonstration...

CVE-2019-19519

In OpenBSD 6.6, local users can use the su -L option to achieve any login class often excluding root because there is a logic error in the main function in su/su.c...

CVE-2019-19519

In OpenBSD 6.6, local users can use the su -L option to achieve any login class often excluding root because there is a logic error in the main function in su/su.c...

CVE-2019-19522

OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root...

CVE-2019-19520

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGLDRIVERSPATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...

Design/Logic Flaw

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGLDRIVERSPATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...

Design/Logic Flaw

In OpenBSD 6.6, local users can use the su -L option to achieve any login class often excluding root because there is a logic error in the main function in su/su.c...

CVE-2019-19519

In OpenBSD 6.6, local users can use the su -L option to achieve any login class often excluding root because there is a logic error in the main function in su/su.c...