CVSS: 7.8EPSS: 10%CPEs: 1EXPL: 8CVE-2019-19726 – OpenBSD 6.x - Dynamic Loader Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-19726
12 Dec 2019 — OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root. OpenBSD versiones hasta 6.6, permite a usuarios locales escalar a root porque una com... • https://packetstorm.news/files/id/174986 • CWE-269: Improper Privilege Management •
CVSS: 7.4EPSS: 0%CPEs: 8EXPL: 0CVE-2019-14899 – Apple Security Advisory 2020-11-13-3
https://notcve.org/view.php?id=CVE-2019-14899
11 Dec 2019 — A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. Se detectó una vulne... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2012-1577
https://notcve.org/view.php?id=CVE-2012-1577
10 Dec 2019 — lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. El archivo lib/libc/stdlib/random.c en OpenBSD devuelve 0 cuando es sembrado con 0. • http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/random.c#rev1.16 • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2019-19519 – Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-19519
04 Dec 2019 — In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c. En OpenBSD versión 6.6, los usuarios locales pueden usar la opción su -L para lograr cualquier clase de inicio de sesión (a menudo excluyendo root) porque hay un bug en la función principal en el archivo su/su.c. Qualys has discovered that OpenBSD suffers from multiple authentication bypass and local privilege escalation vulnerabilities. • https://packetstorm.news/files/id/155572 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 5CVE-2019-19520 – Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-19520
04 Dec 2019 — xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen. xlock en OpenBSD versiones 6.6, permite a usuarios locales conseguir los privilegios del grupo de autenticación al proporcionar una variable de entorno LIBGL_DRIVERS_PATH, porque el archivo xenocara/lib/mesa/src/loader/loader.c maneja inapropiadamente dlopen. Qualys has discovered that OpenBSD suffers from mu... • https://packetstorm.news/files/id/155572 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2019-19521 – Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-19521
04 Dec 2019 — libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c). libc en OpenBSD versión 6.6, permite omitir la autenticación por medio del nombre de usuario -schallenge, como es demostrado por smtpd, ldapd o radiusd. Esto está relacionado con los archivos gen/auth_subr.c y gen/authenticate.c en libc (y los archivos login/l... • https://packetstorm.news/files/id/155572 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2019-19522 – Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-19522
04 Dec 2019 — OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root. OpenBSD versión 6.6, en una configuración no predeterminada donde la autenticación S/Key o YubiKey está habilitada, permite a usuarios locales convertirse a root mediante el aprovechamiento de la membresía en el grupo de autentic... • https://packetstorm.news/files/id/155572 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-8460
https://notcve.org/view.php?id=CVE-2019-8460
26 Aug 2019 — OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service. La versión del núcleo de OpenBSD anterior o igual a la versión 6.5 se puede forzar a crear largas cadenas de agujeros TCP SACK que provocan llamadas muy costosas a tcp_sack_option () para cada paquete SACK entrante que puede conducir a una denegación de servicio. • https://ftp.openbsd.org/pub/OpenBSD/patches/6.5/common/006_tcpsack.patch.sig • CWE-1049: Excessive Data Query Operations in a Large Data Table •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-6724
https://notcve.org/view.php?id=CVE-2019-6724
18 Mar 2019 — The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. El componente barracudavpn de Barracuda VPN Client, en versiones anteriores a la 5.0.2.7 para Linux, macOS y OpenBSD, se ejecuta como proceso privilegiado y puede permitir que un atacante local sin privilegios cargue una librería maliciosa, lo que resu... • http://campus.barracuda.com/product/networkaccessclient/doc/78154147/release-notes-barracuda-vpn-client-for-macos • CWE-426: Untrusted Search Path •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14775
https://notcve.org/view.php?id=CVE-2018-14775
01 Aug 2018 — tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture. tss_alloc en sys/arch/i386/i386/gdt.c en OpenBSD 6.2 y 6.3 tiene una denegación de servicio (DoS) local (cierre inesperado del sistema) debido a un acceso incorrecto al puerto I/O en la arquitectura i386. • http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/arch/i386/i386/gdt.c • CWE-20: Improper Input Validation •