EUVD-2026-32657

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...

GHSA-Q8QP-CVCW-X6JJ Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking

Summary Five config properties in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values ...

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that is due to an authorization bypass vulnerability in the WebSocket connection path. An attacker can exploit the vulnerability to perform administrator-only...

Linux Distros Unpatched Vulnerability : CVE-2022-25643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket...

avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket

A flaw was found in avahi. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the clientwork function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of th...

PT-2023-36236 · Conmon · Conmon

Name of the Vulnerable Software and Affected Versions: conmon versions prior to 2.1.7 Description: The issue concerns conmon, where several bugs have been fixed, including leaking symbolic links in the opt socket path directory, cgroup oom issues, and OOM watcher for cgroupv2 oom kill events. The...

Insecure temporary file usage in SWHKD

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service...

CVE-2022-27818

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service...

SWHKD 安全漏洞

SWHKD is a display protocol-independent hotkey daemon made with Rust. A security vulnerability exists in SWHKD, which stems from the insecure use of the /tmp/swhkd.sock pathname. An attacker could exploit the vulnerability to obtain sensitive information or launch a denial-of-service attack...

CVE-2022-25643

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname...

DEBIAN-CVE-2022-25643

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname...

FreeBSD : seatd-launch -- remove files with escalated privileges with SUID (1cd565da-455e-41b7-a5b9-86ad8e81e33e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1cd565da-455e-41b7-a5b9-86ad8e81e33e advisory. - Kenny Levinsen reports: seatd-launch could use a user-specified socket path instead of the internally...

Microsoft OMI Management Interface Authentication Bypass Exploit

This Metasploit module demonstrates that by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September...

CVE-2020-25650

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock could use this flaw to perform a memory denial of service f...

CVE-2020-25650

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock could use this flaw to perform a memory denial of service f...

DEBIAN-CVE-2020-5202

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket...

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...

PHP 5.3.6 buffer overflow POC（ROP）of the CVE-vulnerability warning-the black bar safety net

? PHP / [email protected] http://bbs.xxoxo.org 2 0 1 1 year 7 month 1 5 day Stack-based buffer overflow in ext /socket/ sockets. c socketconnect function In PHP 5.3. 3 to 5. 3. 6 may be context-dependent attacker to execute arbitrary The code through the UNIX socket path name. By: small blue /...