270 matches found
dropbear 安全漏洞
Dropbear is an application developed by Matt Johnston personally. Dropbear has a security vulnerability. This vulnerability stems from the fact that, in multi-user mode, the Dropbear SSH server executes socket forwarding requests from remote clients as root accounts. This allows users who can log...
CVE-2026-22983
The CVE-2026-22983 entry refers to a Linux kernel issue where msg_get_inq was written in the callee, risking a NULL pointer dereference. The vulnerability is described as a kernel-internal variant of msghdr where callers reinitialize the field; fixing the write is intended to improve robustness a...
Node.js security vulnerabilities
Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Version v25 of Node.js contains a security vulnerability. This vulnerability stems from a flaw in the permission model, allowing Unix domain sockets to bypass network restrictions. This...
MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.19-1.el7, rh-nodejs14-nodejs-14.20.0-2.el7 (AXSA:2022-3813:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3813:02 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...
MiracleLinux 8 : nodejs:14 (AXSA:2022-3839:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3839:01 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...
MiracleLinux 8 : nodejs:16 (AXSA:2022-3844:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3844:01 advisory. nodejs-ansi-regex: Regular expression denial of service ReDoS matching ANSI escape codes CVE-2021-3807 nodejs: DNS rebinding in --inspect via invali...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001086)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001086 advisory. The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption by leveraging incorrect tracking of...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000994)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000994 advisory. The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption by sending each descriptor over a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003326)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003326 advisory. The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption by leveraging incorrect tracking of...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002293)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002293 advisory. The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption by sending each descriptor over a...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002813)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002813 advisory. The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption by leveraging incorrect tracking of...
MiracleLinux 3 : acpid-1.0.4-7AXS3.1 (AXSA:2009-55:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-55:01 advisory. acpid is a daemon that dispatches ACPI events to user-space programs. Fixed bugs: CVE-2009-0798: The daemon in acpid before 1.0.10 allows remote attackers to...
PT-2026-27759
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the af unix subsystem related to garbage collection GC and the interaction with the MSG PEEK flag. Specifically, the GC mechanism could incorrectly...
CVE-2023-54226
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data races around sk-skshutdown. KCSAN found a data race around sk-skshutdown where unixreleasesock and unixshutdown update it under unixstatelock, OTOH unixpoll and unixdgrampoll read it locklessly. We need to annota...
PT-2025-54055
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc7-02330-gca6270c12e20 Description The Linux kernel contained data races around the sk-sk shutdown variable within the AF UNIX socket family. Kernel Concurrency Sanitizer KCSAN identified that unix release...
CVE-2023-54018
In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: Add missing check for allocorderedworkqueue Add check for the return value of allocorderedworkqueue as it may return NULL pointer and cause NULL pointer dereference in hdmihdcp.c and hdmihpd.c. Patchwork:...
CVE-2023-54006
CVE-2023-54006 affects the Linux kernel af_unix path. It is a data race where unix_tot_inflight is written under a spin_lock but read locklessly by unix_release_sock; the fix is to use READ_ONCE() for unix_tot_inflight. The description (and multiple advisories) indicate a KCSAN-detected race betw...
CVE-2023-54006 af_unix: Fix data-race around unix_tot_inflight.
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data-race around unixtotinflight. unixtotinflight is changed under spinlockunixgclock, but unixreleasesock reads it locklessly. Let's use READONCE for unixtotinflight. Note that the writer side was marked by commit...
Linux Distros Unpatched Vulnerability : CVE-2025-40214
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - afunix: Initialise sccindex in unixaddedge. Quang Le reported that the AFUNIX GC could garbage- collect a receive queue of an alive in-flight socket, with a nic...
EUVD-2025-36448
In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 "nbd: verify socket is supported during setup" made sure the socket supported a shutdown method. Explicitel...