181 matches found
Traceroute 2.1.2 Privilege Escalation
Description: In Traceroute 2.0.12 through to 2.1.2 fixed in 2.1.3, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts are: tcptraceroute, tracepath, traceproto and traceroute-nanog...
CVE-2023-0629
Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/dockerenginelinux on Windows, via the -H --host CLI flag or the DOCKERHOST environment variable and launch containers...
CVE-2023-0629 Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers
Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/dockerenginelinux on Windows, via the -H --host CLI flag or the DOCKERHOST environment variable and launch containers...
PT-2023-1878 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.13.0 through 4.16.x Description: The issue allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock or npipe:////.pipe/docker engine linux on...
K27575300: Linux kernel vulnerability CVE-2019-17053
Security Advisory Description ieee802154create in net/ieee802154/socket.c in the AFIEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. CVE-2019-17053 Impact There is no impact; F...
K16011: Linux kernel vulnerability CVE-2012-6657
Security Advisory Description The socksetsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service system crash by leveraging the ability to create a raw...
K84024430: Linux kernel vulnerability CVE-2017-7542
Security Advisory Description The ip6find1stfragopt function in net/ipv6/outputcore.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service integer overflow and infinite loop by leveraging the ability to open a raw socket. CVE-2017-7542 Impact This vulnerability allow...
K63176101: Linux kernel vulnerability CVE-2019-17055
Security Advisory Description basesockcreate in drivers/isdn/mISDN/socket.c in the AFISDN network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. CVE-2019-17055 Impact There is no impact; F5...
SUSE CVE-2012-6657
The socksetsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service system crash by leveraging the ability to create a raw socket...
SUSE CVE-2017-7542
The ip6find1stfragopt function in net/ipv6/outputcore.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service integer overflow and infinite loop by leveraging the ability to open a raw socket...
SUSE CVE-2019-17053
ieee802154create in net/ieee802154/socket.c in the AFIEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7...
SUSE CVE-2019-17054
atalkcreate in net/appletalk/ddp.c in the AFAPPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c...
SUSE CVE-2019-17055
basesockcreate in drivers/isdn/mISDN/socket.c in the AFISDN network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21...
SUSE CVE-2020-10942
In the Linux kernel before 5.5.8, getrawsocket in drivers/vhost/net.c lacks validation of an skfamily field, which might allow attackers to trigger kernel stack corruption via crafted system calls...
Ubuntu: Security Advisory (USN-4185-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Log4Shell RCE detection via Raw Socket Logging (Direct Check)
Binary data apachelog4jjndildapgenericraw.nbin...
kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
A stack buffer overflow issue was found in the getrawsocket routine of the Host kernel accelerator for virtio net vhost-net driver. It could occur while doing an ictolVHOSTNETSETBACKEND call, and retrieving socket name in a kernel stack variable via getrawsocket. A user able to perform ioctl2 cal...
kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
A stack buffer overflow issue was found in the getrawsocket routine of the Host kernel accelerator for virtio net vhost-net driver. It could occur while doing an ictolVHOSTNETSETBACKEND call, and retrieving socket name in a kernel stack variable via getrawsocket. A user able to perform ioctl2 cal...
kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
A stack buffer overflow issue was found in the getrawsocket routine of the Host kernel accelerator for virtio net vhost-net driver. It could occur while doing an ictolVHOSTNETSETBACKEND call, and retrieving socket name in a kernel stack variable via getrawsocket. A user able to perform ioctl2 cal...
kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
A stack buffer overflow issue was found in the getrawsocket routine of the Host kernel accelerator for virtio net vhost-net driver. It could occur while doing an ictolVHOSTNETSETBACKEND call, and retrieving socket name in a kernel stack variable via getrawsocket. A user able to perform ioctl2 cal...