
12 matches found

Cvelist
added 3 days ago, 33 views

CVE-2026-56117 dhcpcd Heap Use-After-Free via Control Socket Handling

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...

CVSS 5.7 | EPSS 0.00093
Exploits: 0 | References: 2
CVE
added 3 days ago, 6 views

CVE-2026-56117

CVE-2026-56117: dhcpcd up to version 10.3.2 contains a local heap use-after-free in the control socket handling (src/control.c). The root cause is that control_recvdata() can free the client object while a subsequent READ+HANGUP event reaches control_hangup() with a stale pointer, enabling memory...

CVSS 5.7 | AI score 5.9 | EPSS 0.00093
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 4:13 a.m., 2 views

SUSE CVE-2019-10132

A vulnerability was found in libvirt <= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the...

CVSS 7.1 | AI score 8.7 | EPSS 0.01411
Exploits: 0 | References: 4
Prion
added 2022/10/10 3:15 p.m., 16 views

Information disclosure

Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slac...

CVSS 5 | AI score 7.4 | EPSS 0.00657
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2022/10/10 12:0 a.m., 246 views

CVE-2022-39292

CVE-2022-39292 affects Slack Morphism, a Rust client library for Slack Web/Events API/Socket Mode and Block Kit. Vulnerability: debug logs can disclose sensitive webhook URLs containing private information. The issue is mitigated by upgrading to version 1.3.2, which redacts sensitive webhook URLs...

CVSS 7.5 | AI score 7.4 | EPSS 0.00657
Exploits: 0 | References: 2 | Affected Software: 1
Oracle linux
added 2019/06/17 12:0 a.m., 153 views

libvirt security update

5.0.0-4.el7 - logging: restrict sockets to mode 0600 Daniel P. Berrange Orabug: 29861433 CVE-2019-10132 - locking: restrict sockets to mode 0600 Daniel P. Berrange Orabug: 29861433 CVE-2019-10132 - admin: reject clients unless their UID matches the current UID Daniel P. Berrange Orabug: 29861433...

CVSS 8.8 | AI score 2.4 | EPSS 0.01411
Exploits: 0
RedHat Linux
added 2019/06/11 1:37 p.m., 1 views

libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter

A flaw was found in libvirt in version 4.1.0 and earlier. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. The highest threat from this...

CVSS 8.8 | AI score 7.3 | EPSS 0.01411
Exploits: 0 | References: 5
RedHat Linux
added 2019/05/23 4:17 p.m., 4 views

libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter

A flaw was found in libvirt in version 4.1.0 and earlier. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. The highest threat from this...

CVSS 8.8 | AI score 7.3 | EPSS 0.01411
Exploits: 0 | References: 5
RedHat Linux
added 2019/05/23 4:12 p.m., 3 views

libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter

A flaw was found in libvirt in version 4.1.0 and earlier. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. The highest threat from this...

CVSS 8.8 | AI score 7.3 | EPSS 0.01411
Exploits: 0 | References: 5
OSV
added 2019/05/21 12:0 p.m., 1 views

UBUNTU-CVE-2019-10132

A vulnerability was found in libvirt <= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the...

CVSS 8.8 | AI score 7.1 | EPSS 0.01411
Exploits: 0 | References: 4
Kaspersky
added 2006/12/19 12:0 a.m., 35 views

KLA10160 Multiple vulnerabilities in First Response

Multiple serious vulnerabilities have been found in First Response. Malicious users can exploit these vulnerabilities to cause denial of service or hijack user packets. Below is a complete list of vulnerabilities 1. Non-exclusive socket mode can be exploited locally; 2. Vectors related to FRAgent...

CVSS 7.1 | AI score 6.8 | EPSS 0.01684
Exploits: 0 | References: 2
OSV
added 2006/03/06 9:2 p.m., 2 views

DEBIAN-CVE-2006-1010

Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service segmentation fault and possibly execute code by sending the server a large request...

CVSS 6.4 | AI score 7.6 | EPSS 0.17253
Exploits: 1 | References: 1