71 matches found
libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of...
CVE-2017-1002101
It was found that volume security can be sidestepped with innocent emptyDir and subpath. This could give an attacker with access to a pod full control over the node host by gaining access to docker socket...
The vulnerability of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the Android operating system’s socket subsystem is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created application that utilizes the AFMSMIPC socket, or any other socket not...
PT-2016-5687 · Red Hat +1 · Red Hat Openshift Enterprise +1
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.2 Description: The issue is related to improper access restriction to STI builds, allowing remote authenticated users to access the Docker socket and gain privileges. This is achieved through vectors...
CVE-2016-3738
A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges...
CVE-2012-3430
The rdsrecvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a 1 recvfrom or 2 recvmsg system call on an RDS socket...
Linux Kernel 2.6.33.3 SCTP INIT Denial Of Service
From: http://jon.oberheide.org/files/sctp-boom.py !/usr/bin/env python ''' sctp-boom.py Linux Kernel http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 The sctpprocessunkparam function in net/sctp/smmakechunk.c in the Linux kernel 2.6.33.3 and earlie...
DEBIAN-CVE-2005-0201
D-BUS dbus before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket...
traceSolaris.txt
/usr/sbin/traceroute from Solaris 10 is vulnerable to buffer overflow in handling -g argument. After supplying 10 -g parameters, return address is overwritten by IP address argument: atari:root:/home/venglin /usr/sbin/traceroute -g 1 -g 2 -g 3 -g 4 -g 5 -g 6 -g 7 -g 8 -g 9 -g 10 127.0.0.1...
Debian DSA-124-1 : mtr - buffer overflow
The authors of mtr released a new upstream version, noting a non-exploitable buffer overflow in their ChangeLog. Przemyslaw Frasunek, however, found an easy way to exploit this bug, which allows an attacker to gain access to the raw socket, which makes IP spoofing and other malicious network...
CVE-2002-0497
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTROPTIONS environment variable...