26 matches found
CVE-2026-41054
A flaw was found in haveged. The sockethandler function, responsible for handling connections to the abstract UNIX socket, incorrectly proceeds with execution even after detecting that a connecting user is not root. This oversight allows a local unprivileged user to bypass security checks and...
CVE-2026-41054
In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCIINAK), it fails to stop execution. The code proceeds...
CVE-2026-41054
CVE-2026-41054 affects haveged. In haveged’s source havegecmd.c, socket_handler checks the caller via an abstract UNIX socket and returns a negative acknowledgment for non-root users, but execution is not halted, enabling a local unprivileged user to reach privileged actions (e.g., MAGIC_CHROOT)....
haveged security vulnerability
Haveged is a random number generation tool developed by Jirka-H. Haveged has a security vulnerability that stems from the sockethandler function not stopping execution when it detects that the connecting user is not root. This allows any local unprivileged user to...
EUVD-2022-31080
The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xbb94...
CVE-2026-34824 Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service
Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession o...
SUSE-SU-2026:0457-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: - Update to 20.20.0: - CVE-2026-22036: Updated undici to 6.23.0 (bsc#1256848) - CVE-2025-59465: Add TLSSocket default error handler (bsc#1256573) - CVE-2025-55132: Disable futimes when permission model is enabled (bsc#1256571) - CVE-2025-55130: Require...
lerobot security vulnerability
lerobot is a robot programming library open-sourced by Hugging Face. A security vulnerability exists in huggingface LeRobot 0.3.3 and earlier versions, which stems from a lack of authentication in the ZeroMQ Socket Handler component and could lead to an attack within the local network...
PT-2025-38670
Name of the Vulnerable Software and Affected Versions: huggingface LeRobot versions up to 0.3.3. Description: A vulnerability exists in huggingface LeRobot up to version 0.3.3 related to missing authentication within the ZeroMQ Socket Handler functionality of the file lerobot/common/robot...
CVE-2025-9474
A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in the creation of a temporary file with insecure permissions. The attack requires a local approach...
CVE-2025-9474
CVE-2025-9474 affects Mihomo Party up to version 1.8.1 on macOS. The vulnerability is in the enableSysProxy function of src/main/sys/sysproxy.ts within the Socket Handler component and results in creation of a temporary file with insecure permissions. The attack is local in scope and described as...
CVE-2025-9474 Mihomo Party Socket sysproxy.ts enableSysProxy temp file
A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in the creation of a temporary file with insecure permissions. The attack requires a local approach...
Feathers socket handler allows abusing implicit toString
Impact: Feathers socket handler did not catch invalid string conversion errors like: const message = `${{ toString: '' }}` causing the NodeJS process to crash when sending an unexpected Socket.io message like: socket.emit('find', { toString: '' }) Patches: A fix has been released in - v5.0.8 via 3241 -...
GHSA-HHR9-RH25-HVF9 Feathers socket handler allows abusing implicit toString
Impact: Feathers socket handler did not catch invalid string conversion errors like: const message = `${{ toString: '' }}` causing the NodeJS process to crash when sending an unexpected Socket.io message like: socket.emit('find', { toString: '' }) Patches: A fix has been released in - v5.0.8 via 3241 -...
CVE-2023-37899 feathersjs socket handler allows abusing implicit toString
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = `${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io...
Feathers code issue vulnerability
Feathers is an open-source lightweight web framework used to create APIs and real-time applications using TypeScript or JavaScript. Feathers has a code issue vulnerability; the vulnerability stems from the socket handler not catching invalid string conversion errors, which can cause...
Denial of Service (DoS)
HTTPS NIO Connector is vulnerable to Denial of Service (DoS) attacks. The functionality of the Socket Handler component is affected: opening a socket and not sending an SSL handshake results in a read-timeout vulnerability...