CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35000 – OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-35000
06 Jan 2022 — OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. • https://www.zerodayinitiative.com/advisories/ZDI-22-012 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.0EPSS: 0%CPEs: 18EXPL: 0CVE-2021-41617 – openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured
https://notcve.org/view.php?id=CVE-2021-41617
26 Sep 2021 — sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. sshd en OpenSSH versiones 6.2 hasta 8.x anteriores a 8.8, cuando son usadas determinadas configuraciones... • https://bugzilla.suse.com/show_bug.cgi?id=1190975 • CWE-273: Improper Check for Dropped Privileges •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41581
https://notcve.org/view.php?id=CVE-2021-41581
24 Sep 2021 — x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination. La función x509_constraints_parse_mailbox en el archivo lib/libcrypto/x509/x509_constraints.c en LibreSSL versiones hasta 3.4.0, presenta una lectura excesiva del búfer en la región stack de la memoria. Cuando la entrada excede DOMAIN_PART_MAX_LEN, el búfer carece de terminación "\0". • https://github.com/libressl-portable/openbsd/issues/126 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 20%CPEs: 5EXPL: 3CVE-2016-20012
https://notcve.org/view.php?id=CVE-2016-20012
15 Sep 2021 — OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product ** EN DISPTUTA ** OpenSSH versiones hasta 8.7, permite a atacantes remotos, que presentan la sospecha de que una determinada combi... • https://github.com/aztec-eagle/cve-2016-20012 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-25049
https://notcve.org/view.php?id=CVE-2019-25049
01 Jul 2021 — LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). LibreSSL versiones 2.9.1 hasta 3.2.1, presenta una lectura fuera de límites en la función asn1_item_print_ctx (llamada desde asn1_template_print_ctx) • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13920 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-25048
https://notcve.org/view.php?id=CVE-2019-25048
01 Jul 2021 — LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). LibreSSL versiones 2.9.1 hasta 3.2.1, presenta una lectura excesiva de búfer en la región heap de la memoria en la función do_print_ex (llamado desde asn1_item_print_ctx y ASN1_item_print) • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 2CVE-2010-4816
https://notcve.org/view.php?id=CVE-2010-4816
22 Jun 2021 — It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service. Se encontró en FreeBSD versiones 8.0, 6.3 y 4.9, y en OpenBSD versiones 4.6 que una desreferencia de puntero null en el archivo ftpd/popen.c puede conllevar a una denegación de servicio remota del servicio ftpd • https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144761 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2020-26142
https://notcve.org/view.php?id=CVE-2020-26142
11 May 2021 — An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration. Se detectó un problema en el kernel en OpenBSD versión 6.6. Las implementaciones WEP, WPA, WPA2 y WPA3 tratan las tramas fragmentadas como tramas completas. • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2021-28041 – Gentoo Linux Security Advisory 202105-35
https://notcve.org/view.php?id=CVE-2021-28041
05 Mar 2021 — ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. ssh-agent en OpenSSH versiones anteriores a 8.5, presenta una doble liberación que puede ser relevante en algunos escenarios menos comunes, como el acceso sin restricciones al socket del agente en un sistema operativo heredado o el reenvío de un agente a un host controlado p... • https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db • CWE-415: Double Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-16088
https://notcve.org/view.php?id=CVE-2020-16088
28 Jul 2020 — iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches. iked en OpenIKED, como es usado en OpenBSD versiones hasta 6.7, permite omitir una autenticación porque el archivo ca.c presenta una lógica equivocada para comprobar si una clave pública coincide • https://ftp.openbsd.org/pub/OpenBSD/patches/6.7/common/014_iked.patch.sig • CWE-287: Improper Authentication •