Lucene search
K

458 matches found

OSV
OSV
added 2020/08/04 5:31 p.m.2 views

USN-4452-1 libvirt vulnerability

Trent Shea working with Trend Micro´s Zero Day Initiative, discovered that the libvirt package set incorrect permissions on the UNIX domain socket. A local attacker could use this issue to access libvirt and escalate privileges...

9.3CVSS7.2AI score0.00383EPSS
Exploits0References2
OSV
OSV
added 2020/06/08 5:15 p.m.2 views

DEBIAN-CVE-2020-12049

An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket...

5.5CVSS6.5AI score0.00569EPSS
Exploits1References1
Veracode
Veracode
added 2020/05/10 11:21 p.m.20 views

Buffer Overflow

Putty is vulnerable to buffer overflow. The sshagentchanneldata function in PuTTY allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection,...

9.8CVSS5.9AI score0.21816EPSS
Exploits4References9Affected Software1
Veracode
Veracode
added 2020/04/10 12:17 a.m.22 views

Denial Of Service (DoS)

gdm is vulnerable to denial of service. A flaw was found in the way Gdm listens on its unix domain socket. A local user could crash a running X session by writing malicious data to Gdm's unix domain socket...

1.5CVSS2.3AI score0.00327EPSS
Exploits1References20Affected Software1
Mageia
Mageia
added 2020/02/18 2:5 p.m.54 views

Updated kernel-linus packages fix security vulnerabilities

This update provides upstream 5.4.20, adding support for new hardware and features, and resolves at least the following security issues: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This...

10CVSS9AI score0.08667EPSS
Exploits2References22
NVD
NVD
added 2020/01/30 1:15 a.m.22 views

CVE-2020-8448

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...

5.5CVSS6.2AI score0.00492EPSS
Exploits2References4
OSV
OSV
added 2020/01/30 1:15 a.m.14 views

CVE-2020-8448

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...

5.5CVSS6.6AI score
Exploits0References4
OSV
OSV
added 2020/01/30 1:15 a.m.13 views

CVE-2020-8446

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to path traversal with write access via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user...

5.5CVSS6.6AI score
Exploits0References4
Prion
Prion
added 2020/01/30 1:15 a.m.15 views

Null pointer dereference

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...

2.1CVSS6.2AI score0.00492EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2020/01/30 12:33 a.m.89 views

CVE-2020-8446

CVE-2020-8446 affects OSSEC-HIDS 2.7–3.5.0. The server component ossec-analysisd is vulnerable to a path traversal with write access, exploitable by a local user through crafted syscheck messages sent to the analysisd UNIX domain socket. Impact: integrity is HIGH, confidentiality and availability...

5.5CVSS5.7AI score0.00504EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2020/01/30 12:33 a.m.22 views

CVE-2020-8446

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to path traversal with write access via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user...

7.3AI score0.00504EPSS
Exploits2References4
Cvelist
Cvelist
added 2020/01/30 12:32 a.m.24 views

CVE-2020-8448

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a denial of service NULL pointer dereference via crafted messages written directly to the analysisd UNIX domain socket by a local user...

7.1AI score0.00492EPSS
Exploits2References4
CVE
CVE
added 2020/01/30 12:32 a.m.82 views

CVE-2020-8448

OSSEC-HIDS CVE-2020-8448 affects 2.7–3.5.0; the server component ossec-analysisd is vulnerable to a denial of service via a NULL pointer dereference when local users craft messages sent to the analysisd UNIX domain socket. Impact is a local DoS with partial availability impact per CVSS. Mitigatio...

5.5CVSS5.5AI score0.00492EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2020/01/29 12:15 a.m.14 views

CVE-2020-8428

fs/namei.c in the Linux kernel before 5.5 has a maycreateinsticky use-after-free, which allows local users to cause a denial of service OOPS or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if...

7.1CVSS7AI score0.00655EPSS
Exploits0References16
OSV
OSV
added 2020/01/29 12:15 a.m.3 views

DEBIAN-CVE-2020-8428

fs/namei.c in the Linux kernel before 5.5 has a maycreateinsticky use-after-free, which allows local users to cause a denial of service OOPS or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if...

7.1CVSS6.5AI score0.00655EPSS
Exploits0References1
Prion
Prion
added 2020/01/29 12:15 a.m.29 views

Design/Logic Flaw

fs/namei.c in the Linux kernel before 5.5 has a maycreateinsticky use-after-free, which allows local users to cause a denial of service OOPS or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if...

3.6CVSS6.6AI score0.00655EPSS
Exploits0References16Affected Software1
OSV
OSV
added 2020/01/29 12:15 a.m.1 views

UBUNTU-CVE-2020-8428

fs/namei.c in the Linux kernel before 5.5 has a maycreateinsticky use-after-free, which allows local users to cause a denial of service OOPS or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if...

7.1CVSS6.7AI score0.00655EPSS
Exploits0References11
Cvelist
Cvelist
added 2020/01/28 11:43 p.m.31 views

CVE-2020-8428

fs/namei.c in the Linux kernel before 5.5 has a maycreateinsticky use-after-free, which allows local users to cause a denial of service OOPS or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if...

7.1AI score0.00655EPSS
Exploits0References16
Debian CVE
Debian CVE
added 2020/01/28 11:43 p.m.39 views

CVE-2020-8428

fs/namei.c in the Linux kernel before 5.5 has a maycreateinsticky use-after-free, which allows local users to cause a denial of service OOPS or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if...

7.1CVSS7AI score0.00655EPSS
Exploits0
0day.today
0day.today
added 2019/12/31 12:0 a.m.110 views

FreeBSD fd Privilege Escalation Exploit

Local root exploit for the FreeBSD fd vulnerability as disclosed in FreeBSD-SA-19:02.fd. Exploit: FreeBSD-SA-19:02.fd - Privilege Escalation Author: Karsten König of Secfault Security Twitter: @gr4yf0x Kudos: Maik, greg and Dirk for discussion and inspiration CVE: CVE-2019-5596 libmap.conf...

8.8CVSS0.6AI score0.01229EPSS
Exploits4
Rows per page
Query Builder