Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opendoas Project Subscribe
Filtered by product Opendoas
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28339 1 Opendoas Project 1 Opendoas 2023-03-21 N/A 8.8 HIGH
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later.
CVE-2019-25016 1 Opendoas Project 1 Opendoas 2022-04-26 6.5 MEDIUM 8.8 HIGH
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.