Lucene search
K

99 matches found

OSV
OSV
added 2024/03/06 6:45 a.m.8 views

CVE-2024-26625 llc: call sock_orphan() at release time

In the Linux kernel, the following vulnerability has been resolved: llc: call sockorphan at release time syzbot reported an interesting trace 1 caused by a stale sk-skwq pointer in a closed llc socket. In commit ff7b11aa481f "net: socket: set sock-sk to NULL after calling protoops::release" Eric...

7.8CVSS5.8AI score0.00249EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2023/10/05 2:5 p.m.3 views

python: TLS handshake bypass

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are...

5.3CVSS6.8AI score0.0079EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2023/10/05 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-6415-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.4AI score0.0616EPSS
Exploits4References2
BDU FSTEC
BDU FSTEC
added 2023/08/30 12:0 a.m.5 views

The vulnerability of the SSLSocket class interpreter in the Python programming language, which allows attackers to disclose protected information

The vulnerability of the Python programming language interpreter is related to incorrect initialization of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information...

8.6CVSS6.7AI score0.0079EPSS
Exploits0References15Affected Software9
Veracode
Veracode
added 2023/07/29 1:56 p.m.17 views

Denial Of Service (DoS)

sails is vulnerable to Denial Of Service DoS. The vulnerability exists because the buildRequest function of req.js does not properly ensure all remaining headers are strings, allowing an attacker to cause an application crash by sending a malicious virtual request when sockets are enabled...

7.5CVSS6.7AI score0.0076EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/07/27 5:13 p.m.19 views

GHSA-GPW9-FWM8-7RX7 DoS vulnerability for apps with sockets enabled

Impact In Sails apps =v1.5.6, an attacker can send a virtual request that will cause the node process to crash. Patches This behavior was fixed in Sails v1.5.7 Workarounds Disable the sockets hook and remove the sails.io.js client References https://github.com/balderdashy/sails/pull/7287 Big than...

7.5CVSS7.3AI score0.0076EPSS
Exploits0References6
OSV
OSV
added 2023/04/08 5:15 a.m.7 views

AZL-26216 CVE-2023-24626 affecting package screen for versions less than 4.9.1-1

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process...

6.5CVSS6.5AI score0.0054EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2023/03/13 11:16 a.m.9 views

CVE-2023-0629 Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/dockerenginelinux on Windows, via the -H --host CLI flag or the DOCKERHOST environment variable and launch containers...

7.1CVSS7AI score0.00218EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.3 views

SUSE CVE-2012-2152

Stack-based buffer overflow in the getpacket method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long packet...

7.5CVSS8.2AI score0.03996EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:38 a.m.7 views

SUSE CVE-2013-2232

The ip6skdstcheck function in net/ipv6/ip6output.c in the Linux kernel before 3.10 allows local users to cause a denial of service system crash by using an AFINET6 socket for a connection to an IPv4 interface...

4.9CVSS6.2AI score0.00556EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.6 views

SUSE CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

3.7CVSS6.9AI score0.07169EPSS
Exploits0References9
OSV
OSV
added 2023/02/04 3:33 a.m.5 views

SUSE-SU-2023:0245-1 Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-1503005971 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167. - CVE-2022-2602: Fixed a local privilege...

7.8CVSS7.4AI score0.01281EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.33 views

Ubuntu: Security Advisory (USN-4185-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.5AI score0.03133EPSS
Exploits0References3
OSV
OSV
added 2022/08/16 7:42 a.m.8 views

OPENSUSE-SU-2022:10091-1 Security update for canna

This update for canna fixes the following issues: - CVE-2022-21950: Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. Use systemd-tmpfiles for cleaning old sockets boo1199280...

5.3CVSS5.2AI score0.00142EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/12/07 12:0 a.m.3 views

The vulnerability in the socket implementation of the Microsoft Windows operating system allows a hacker to cause a service failure. [source-iocs-preserved const=AF_UNIX]

The vulnerability of the socket implementation in Microsoft Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, working remotely, to cause service failures by sending specially crafted input data to the application...

7.8CVSS7.2AI score0.03034EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/10/05 12:0 a.m.5 views

The vulnerability in the `net/sctp/socket.c` component of the Linux operating system allows a hacker to increase their privileges.

The vulnerability of the net/sctp/socket.c component in the Linux operating system arises from the simultaneous execution using a shared resource with incorrect synchronization. Exploiting this vulnerability can allow an attacker to increase their privileges...

7CVSS6.7AI score0.00482EPSS
Exploits1References36Affected Software6
CNVD
CNVD
added 2021/08/31 12:0 a.m.119 views

Doodle Smart app and Doodle Converter (smart socket) have a flawed logic vulnerability

Doodle Smart is an IoT cloud platform that connects brands, OEMs, developers and chain retailers with their intelligence needs, providing a one-stop AI IoT PaaS-level solution that covers hardware development, global cloud, and smart business platform development, providing comprehensive ecologic...

2.5AI score
Exploits0
CNVD
CNVD
added 2021/01/06 12:0 a.m.11 views

Unspecified Vulnerability in Rust (CNVD-2021-39165)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in socket2 crate for Rust prior to version 0.3.16, which stems from its incorrect expectation of the std::net::SocketAddr memory representation. No details of the vulnerability ar...

5.5CVSS6.6AI score0.00398EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2020/11/26 12:0 a.m.6 views

The vulnerability in the socket implementation of Azure Sphere’s operating system allows a hacker to execute arbitrary code. [source-iocs-preserved const=AF_AZSPIO]

The vulnerability of the socket implementation in Azure Sphere’s operating system is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker to execute arbitrary code. source-iocs-preserved const=AFAZSPIO...

8.8CVSS7.8AI score0.01378EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2020/09/10 12:0 a.m.2 views

FreeBSD Buffer Overflow Vulnerability (CNVD-2020-51503)

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD suffers from a buffer overflow vulnerability that can be exploited by an attacker to trigger a denial of service and code execution via an SCTP socket...

5.5CVSS7.9AI score0.00399EPSS
Exploits0References1
Rows per page
Query Builder