18 matches found

RedhatCVE
added 2025/05/22 8:12 a.m. | 5 views

CVE-2019-15901

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced on certain platforms (Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither...

CVSS 9 | AI score 6.9 | EPSS 0.00546
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 4:37 a.m. | 2 views

CVE-2019-15900

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...

CVSS 10 | AI score 7.3 | EPSS 0.00346
Exploits 0 | References 1
OSV
added 2023/03/14 7:15 p.m. | 1 views

DEBIAN-CVE-2023-28339

OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later...

CVSS 8.8 | AI score 7.9 | EPSS 0.00272
Exploits 0 | References 1
Veracode
added 2021/02/01 4:43 a.m. | 18 views

Authorization Bypass

doas is vulnerable to authorization bypass. The vulnerability exists as the PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command...

CVSS 8.8 | AI score 4.6 | EPSS 0.00991
Exploits 1 | References 6 | Affected Software 1
CNVD
added 2019/10/21 12:0 a.m. | 0 views

Unspecified vulnerability in slicer69 doas

slicer69 doas is a utility program used on the OpenBSD platform to execute privileged commands for Root users. A security vulnerability exists in slicer69 doas versions prior to 6.2, which can be exploited by an attacker to execute commands with root privileges...

CVSS 10 | AI score 7.3 | EPSS 0.00346
Exploits 0 | References 1
NVD
added 2019/10/18 4:15 p.m. | 6 views

CVE-2019-15901

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced on certain platforms (Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither...

CVSS 9 | AI score 8.6 | EPSS 0.00546
Exploits 1 | References 3
OSV
added 2019/10/18 4:15 p.m. | 17 views

CVE-2019-15901

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced on certain platforms (Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither...

CVSS 8.8 | AI score 7.1
Exploits 0 | References 3
NVD
added 2019/10/18 4:15 p.m. | 6 views

CVE-2019-15900

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...

CVSS 10 | AI score 9.7 | EPSS 0.00346
Exploits 0 | References 2
OSV
added 2019/10/18 4:15 p.m. | 7 views

CVE-2019-15900

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...

CVSS 9.8 | AI score 7.5
Exploits 0 | References 2
Prion
added 2019/10/18 4:15 p.m. | 9 views

Command injection

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The resul...

CVSS 10 | AI score 9.6 | EPSS 0.00346
Exploits 0 | References 2 | Affected Software 1
Prion
added 2019/10/18 4:15 p.m. | 7 views

Design/Logic Flaw

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced on certain platforms (Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither...

CVSS 9 | AI score 8.5 | EPSS 0.00546
Exploits 1 | References 3 | Affected Software 1
CVE
added 2019/10/18 3:44 p.m. | 138 views

CVE-2019-15901

The CVE concerns slicer69 doas prior to 6.2 on non-OpenBSD platforms (Linux, possibly NetBSD). A setusercontext(3) call intended to adjust UID, primary GID, and secondary GIDs was replaced with a single setuid(2) call. As a result, the group ID is not changed and secondary group IDs are not initi...

CVSS 9 | AI score 8.5 | EPSS 0.00546
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2019/10/18 3:44 p.m. | 11 views

CVE-2019-15901

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced on certain platforms (Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither...

AI score 8.6 | EPSS 0.00546
Exploits 1 | References 3
CVE
added 2019/10/18 3:41 p.m. | 145 views

CVE-2019-15900

Consolidated details across NVD/Red Hat/OSV/PRION/CVE records show CVE-2019-15900 affects slicer69 doas before 6.2 on platforms other than OpenBSD. Root cause: on platforms lacking strtonum(3), the code uses sscanf without checking errors and inspects an uninitialized errstr, which can lead to su...

CVSS 10 | AI score 9.6 | EPSS 0.00346
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2019/10/18 12:0 a.m. | 1 views

PT-2019-14463 · Slicer69 · Slicer69 Doas

Name of the Vulnerable Software and Affected Versions: slicer69 doas versions prior to 6.2
Description: An issue was discovered in slicer69 doas where sscanf was used without checking for error cases on platforms without strtonum(3). The uninitialized variable errstr was checked, and in some cases,...

CVSS 10 | AI score 9.7 | EPSS 0.00346
Exploits 0 | References 5
Tenable Nessus
added 2019/08/12 12:0 a.m. | 17 views

FreeBSD : doas -- Prevent passing of environment variables (7f7d6412-bae5-11e9-be92-3085a9a95629)

Jesse Smith (upstream author of the doas program) reported: Previous versions of 'doas' transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read or writte...

AI score 5.5
Exploits 0 | References 3
FreeBSD
added 2019/08/03 12:0 a.m. | 24 views

doas -- Prevent passing of environment variables

Jesse Smith (upstream author of the doas program) reported: Previous versions of "doas" transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read or written...

AI score 1
Exploits 0 | References 2
OSV
added 2018/11/21 10:24 p.m. | 1 views

GHSA-RXMR-C9JM-7MM8 Exposure of Sensitive Information to an Unauthorized Actor in Apache Hive

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if...

CVSS 3.7 | AI score 7.2 | EPSS 0.00469
Exploits 0 | References 6