DEBIAN-CVE-2018-13457

qhecho in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket...

CVE-2018-13441

qhhelp in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket...

CVE-2018-13457

qhecho in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket...

CVE-2018-13458

qhcore in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket...

CVE-2018-13441

qhhelp in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket...

QEMU Guest Agent 2.12.50 - Denial of Service

QEMU Guest Agent 2.12.50 - Denial of Service Exploit Title: QEMU Guest Agent 2.12.50 - Denial of Service Date: 2018-06-07 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.qemu.org/ Software Link: https://www.qemu.org/download/ Version: 2.12.50 and earlier Tested on: 2.12.50...

QEMU Guest Agent 2.12.50 Denial Of Service

Exploit Title: QEMU Guest Agent 2.12.50 - Denial of Service Date: 2018-06-07 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.qemu.org/ Software Link: https://www.qemu.org/download/ Version: 2.12.50 and earlier Tested on: 2.12.50 CVE : CVE-2018-12617 QEMU Guest Agent 2.12.5...

QEMU Guest Agent 2.12.50 - Denial of Service

Exploit Title: QEMU Guest Agent 2.12.50 - Denial of Service Date: 2018-06-07 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.qemu.org/ Software Link: https://www.qemu.org/download/ Version: 2.12.50 and earlier Tested on: 2.12.50 CVE : CVE-2018-12617 QEMU Guest Agent 2.12.5...

CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

Privilege Escalation

github.com/juju/juju is vulnerable to privilege escalation. The application does not set up the UNIX Socket with proper permissions, allowing a malicious user to gain root privileges through the juju-run 'whoami' command...

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.18.4 - net/packet: fix overflow in check for tpreserve Andrey Konovalov Orabug: 26143552 CVE-2017-7308 - net/packet: fix overflow in check for tpframenr Andrey Konovalov Orabug: 26143552 CVE-2017-7308 - net/packet: fix overflow in check for priv area size Andrey Konovalov...

ALPINE-CVE-2016-10369

unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service preventing terminal launch, or possibly have other impact bypassing terminal access control...

Fedora 24 : suricata (2017-f9f3a78148)

This is a new upstream feature and security release. Improvements include: bypass; pre-filter -- fast packet keywords; TLS improvements; ICS protocol additions: DNP3 CIP/ENIP; SHA1/SHA256 for file matching, logging & extraction; NIC offloading disabled by default; unix socket enabled by default;...

Fedora 25 : suricata (2017-f3aac83a8f)

This is a new upstream feature and security release. Improvements include: bypass; pre-filter -- fast packet keywords; TLS improvements; ICS protocol additions: DNP3 CIP/ENIP; SHA1/SHA256 for file matching, logging & extraction; NIC offloading disabled by default; unix socket enabled by default;...

CVE-2016-8659

Bubblewrap before 0.1.3 sets the PRSETDUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...

PCSC-Lite: Multiple vulnerabilities

Background PCSC-Lite is a middleware to access a smart card using the SCard API PC/SC. Description The SCardReleaseContext function normally releases resources associated with the given handle including “cardsList” and clients should cease using this handle. However, a malicious client can make t...

GLSA-201702-01 : PCSC-Lite: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201702-01 PCSC-Lite: Multiple vulnerabilities The SCardReleaseContext function normally releases resources associated with the given handle including cardsList and clients should cease using this handle. However, a malicious clien...

[ASA-201701-12] pcsclite: privilege escalation

Arch Linux Security Advisory ASA-201701-12 ========================================== Severity: Medium Date : 2017-01-04 CVE-ID : CVE-2016-10109 Package : pcsclite Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-126 Summary ======= The package pcsclite before...

Use-After-Free Vulnerability in pcsc-lite

Peter Wu on Openwall mailing-list reports: The issue allows a local attacker to cause a Denial of Service, but can potentially result in Privilege Escalation since the daemon is running as root. while any local user can connect to the Unix socket. Fixed by patch which is released with hpcsc-lite...

curl security, bug fix, and enhancement update

7.29.0-35 - fix incorrect use of a previously loaded certificate from file related to CVE-2016-5420 7.29.0-34 - acknowledge the --no-sessionid/CURLOPTSSLSESSIONIDCACHE option required by the fix for CVE-2016-5419 7.29.0-33 - fix re-using connections with wrong client cert CVE-2016-5420 - fix TLS...