16 matches found
CVE-2026-3497
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the...
EUVD-2016-9498
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-38065
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality with...
The vulnerability of the SIGALRM interrupt handler in the OpenSSH cryptographic security tool allows a hacker to execute arbitrary code.
The vulnerability of the SIGALRM interrupt handler in the OpenSSH cryptographic security tool is related to the reuse of previously freed memory caused by a race condition (concurrent access to a shared resource). Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by...
OpenBSD OpenSSH 8.7p1 - 8.8p1 RCE Vulnerability
OpenBSD OpenSSH is prone to a remote code execution (RCE) vulnerability.
CVE-2024-6409
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...
SUSE CVE-2011-3603
The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact...
SUSE CVE-2016-8659
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...
CVE-2022-38065
A privilege escalation flaw was found in the oslo-privsep functionality in OpenStack. Overly permissive functionality in the tools leveraging this library within a container can lead to increased privileges...
DEBIAN-CVE-2022-38065
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges...
PT-2022-7148
Name of the Vulnerable Software and Affected Versions: OpenStack versions prior to git master 05194e7618 Description: A privilege escalation issue exists in the oslo.privsep functionality of OpenStack. This is due to overly permissive functionality within tools that leverage this library within a...
OpenStack security vulnerability
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA). OpenStack suffers from a security vulnerability that stems from a privilege escalation flaw in the oslo.privsep functionality, where overly permissive functionality can lead to increased...
Updated radvd packages fix security vulnerability
A flaw was found in radvd. In case of misconfiguration, a race condition between privsep and the main thread occurs. This leads to a double-free and crashing of radvd (rhbz#1669297)...
S-nail < 14.8.16 - Local Privilege Escalation
!/bin/sh Wrapper for @wapiflapi's s-nail-privget.c local root exploit for CVE-2017-5899 uses ld.so.preload technique --- Found privsep: /usr/lib/s-nail/s-nail-privsep . Compiling /var/tmp/.snail.so.c ... . Compiling /var/tmp/.sh.c ... . Compiling /var/tmp/.privget.c ... . Adding /var/tmp/.snail.s...
CVE-2016-8659
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...
CVE-2016-8659
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...