AZL-7362 CVE-2020-25650 affecting package spice-vdagent for versions less than 0.22.1-1

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock could use this flaw to perform a memory denial of service f...

PT-2020-16148 · Red Hat +7 · Spice-Vdagent +8

Name of the Vulnerable Software and Affected Versions: spice-vdagent versions 0.20 and prior Description: A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock...

UBUNTU-CVE-2020-25652

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to th...

dbus: denial of service via file descriptor leak

An uncontrolled resource consumption vulnerability was discovered in D-Bus. The DBusServer leaks file descriptors when a message exceeds the per-message file descriptor limit. This flaw allows a local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket, ...

dbus: denial of service via file descriptor leak

An uncontrolled resource consumption vulnerability was discovered in D-Bus. The DBusServer leaks file descriptors when a message exceeds the per-message file descriptor limit. This flaw allows a local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket, ...

ALPINE-CVE-2020-12049

An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket...

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as the sendmsg function in the Linux kernel did not block during UNIX socket garbage collection. This could, potentially, lead to a local denial of service...

CVE-2019-12929

QEMU's Machine Protocol QMP is designed to enable remote applications ex. Libvirt to control and manage QEMU process instances. QEMU Guest-Agent is a daemon program which helps remote applications ex. Libvirt to run commands on the guest VM, it supports QMP commands. It is meant to be used by...

FreeBSD-SA-19:15.mqueuefs - Privilege Escalation

FreeBSD-SA-19:15.mqueuefs - Privilege Escalation Exploit: FreeBSD-SA-19:15.mqueuefs - Privilege Escalation Author: Karsten König of Secfault Security Date: 2019-12-30 Change line 719 to choose which vulnerability is targeted libmap.conf primitive inspired by kcope's 2005 exploit for Qpopper Explo...

Podman / Varlink Remote Code Execution

!/usr/bin/python -- coding: UTF-8 -- pickletime.py Podman + Varlink Insecure Config Remote Exploit Jeremy Brown jbrown3264/gmail @ Oct 2019 ------- Details ------- Podman is container engine / platform similar to Docker supported by RedHat and Fedora with Varlink being a protocol to exchange...

MGASA-2019-0284 Updated ibus packages fix security vulnerability

It was discovered that any unprivileged user could monitor and send method calls to the ibus bus of another user, due to a misconfiguration during the setup of the DBus server. When ibus is in use, a local attacker, who discovers the UNIX socket used by another user connected on a graphical...

CVE-2019-12928

QEMU's Machine Protocol QMP is designed to enable remote applications ex. Libvirt to control and manage QEMU process instances. It is meant to be used by trusted users and applications. The TCP server socket is only one of the transport options supported by QMP; other, more secure options, being...

Denial Of Service (DoS)

kernel is vulnerable to denial of service. It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system...

CUJO Smart Firewall static DHCP hostname command injection vulnerability

Summary An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system...

Updated nagios packages fix security vulnerability

A flaw was found in Nagios Core version 4.4.1 and earlier. The qhhelp function is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket CVE-2018-13441. A flaw was found in...

USN-3887-1: snapd vulnerability | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its...

Flaw in snapd Allows Root Access to Linux Servers

A local privilege-escalation vulnerability in Canonical’s snapd package has been uncovered, which would allow any user to obtain administrator privileges and immediate root access to affected Linux system servers. Snapd is used by Linux users to download and install apps in the .snap file format...

USN-3887-1 snapd vulnerability

Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems wit...

CVE-2018-13458

qhcore in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket...

CVE-2018-13441

qhhelp in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket...