Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openbsd openbsd 6.6 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-7247
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote malicious users to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncomm...
Openbsd Opensmtpd 6.6
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
9 Github repositories
1 Article
9
CVSSv2
CVE-2019-14287
In Sudo prior to 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER=...
Sudo Project Sudo
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Netapp Element Software Management Node -
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 6.6
60 Github repositories
1 Article
7.5
CVSSv2
CVE-2019-19521
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).
Openbsd Openbsd 6.6
1 Github repository
7.5
CVSSv2
CVE-2003-0681
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
Sendmail Advanced Message Server 1.2
Sendmail Advanced Message Server 1.3
Sendmail Sendmail 8.10
Sendmail Sendmail 8.10.1
Sendmail Sendmail 8.11.5
Sendmail Sendmail 8.11.6
Sendmail Sendmail 8.12.6
Sendmail Sendmail 8.12.7
Sendmail Sendmail 8.8.8
Sendmail Sendmail 8.9.0
Sendmail Sendmail Switch 2.1.1
Sendmail Sendmail Switch 2.1.2
Sendmail Sendmail Switch 2.2.3
Sendmail Sendmail Switch 2.2.4
Sendmail Sendmail 2.6.2
Sendmail Sendmail 3.0
Sendmail Sendmail 3.0.1
Sendmail Sendmail 8.11.1
Sendmail Sendmail 8.11.2
Sendmail Sendmail 8.12.2
Sendmail Sendmail 8.12.3
Sendmail Sendmail 8.12
1 EDB exploit
7.2
CVSSv2
CVE-2019-19726
OpenBSD up to and including 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries ...
Openbsd Openbsd
1 Article
7.2
CVSSv2
CVE-2019-19522
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned b...
Openbsd Openbsd 6.6
1 Github repository
5.8
CVSSv2
CVE-2014-2653
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and previous versions allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
Openbsd Openssh 6.4
Openbsd Openssh 6.3
Openbsd Openssh 6.5
Openbsd Openssh 6.2
Openbsd Openssh 6.1
Openbsd Openssh 6.0
Openbsd Openssh
5.8
CVSSv2
CVE-2014-2532
sshd in OpenSSH prior to 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote malicious users to bypass intended environment restrictions by using a substring located before a wildcard character.
Oracle Communications User Data Repository 10.0.1
Openbsd Openssh
Openbsd Openssh 6.4
Openbsd Openssh 6.1
Openbsd Openssh 6.0
Openbsd Openssh 6.3
Openbsd Openssh 6.2
4.6
CVSSv2
CVE-2019-19519
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.
Openbsd Openbsd 6.6
4.6
CVSSv2
CVE-2019-19520
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.
Openbsd Openbsd 6.6
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »