openSUSE 15 Security Update : avahi (openSUSE-SU-2021:1845-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1845-1 advisory. - avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows...

Microsoft Windows 输入验证错误漏洞

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A denial-of-service vulnerability exists in the AFUNIX Socket Provider in Microsoft...

PT-2021-5071 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient input validation in the Windows AF UNIX Socket Provider, which can be exploited by an attacker to cause a denial of service. This can be achieved by...

USN-5008-2: Avahi vulnerability

USN-5008-1 fixed a vulnerability in avahi. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Thomas Kremer discovered that Avahi incorrectly handled termination signals on the Unix socket. A local attacker could possibly use this...

USN-5008-2 avahi vulnerability

USN-5008-1 fixed a vulnerability in avahi. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Thomas Kremer discovered that Avahi incorrectly handled termination signals on the Unix socket. A local attacker could possibly use this...

USN-5008-1 avahi vulnerabilities

Thomas Kremer discovered that Avahi incorrectly handled termination signals on the Unix socket. A local attacker could possibly use this issue to cause Avahi to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. CVE-2021-3468 It...

SUSE SLES15 Security Update : avahi (SUSE-SU-2021:1493-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:1493-2 advisory. - A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix...

CVE-2021-3468

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the clientwork function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is...

AZL-6324 CVE-2021-3468 affecting package avahi for versions less than 0.8-1

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the clientwork function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is...

ALPINE-CVE-2021-3468

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the clientwork function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is...

DEBIAN-CVE-2021-3468

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the clientwork function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is...

UBUNTU-CVE-2021-3468

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the clientwork function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is...

CVE-2021-3468

CVE-2021-3468 affects the Avahi package: versions 0.6 through 0.8 contain a flaw where the event signaling termination of a client connection on the Avahi Unix socket is mishandled in client_work, allowing a local attacker to trigger an infinite loop. The primary impact is availability, with the ...

CVE-2021-3468

A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the clientwork function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is...

libvncserver: buffer overflow in ConnectClientToUnixSock()

libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename...

spice-vdagent: possibility to exhaust file descriptors in vdagentd

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock. This flaw allows any unprivileged local guest user to prevent legitimate agents from connecting to the...

spice-vdagent: memory DoS via arbitrary entries in active_xfers hash table

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. This flaw allows any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock to perform a memory denial of service for...

Google Android 资源管理错误漏洞

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. Google Android 11 suffers from an elevation of privilege vulnerability. The vulnerability arises due to memory corruption due to post-release reuse in wpasctrlmsgqueuetimeout of...

PT-2021-7335 · Avahi +8 · Avahi +8

Name of the Vulnerable Software and Affected Versions: Avahi versions 0.6 up to 0.8 Description: The issue is related to the client work function in the Avahi service discovery system, which can lead to an infinite loop due to a condition with no exit. This can be exploited by an attacker to caus...

AZL-7364 CVE-2020-25652 affecting package spice-vdagent for versions less than 0.22.1-1

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to th...