PT-2026-33770
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is...
GHSA-9F8F-2VMF-885J Data exposure via ZeroMQ on multi-node vLLM deployment
Impact: In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism acros...
SUSE CVE-2020-15257
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting...
SUSE CVE-2007-3099
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss)...
CVE-2022-30121
The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system...
PT-2022-16745 · Unknown · Automotive Grade Linux
Name of the Vulnerable Software and Affected Versions: Automotive Grade Linux Kooky Koi versions 11.0.0 through 11.0.5. Description: The issue is related to Incorrect Access Control in usr/bin/afb-daemon. To exploit this, an attacker needs to send a well-crafted HTTP or WebSocket request to the...