99 matches found
CVE-2024-26625 llc: call sock_orphan() at release time
In the Linux kernel, the following vulnerability has been resolved: llc: call sockorphan at release time syzbot reported an interesting trace 1 caused by a stale sk-skwq pointer in a closed llc socket. In commit ff7b11aa481f "net: socket: set sock-sk to NULL after calling protoops::release" Eric...
python: TLS handshake bypass
Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are...
Ubuntu: Security Advisory (USN-6415-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the SSLSocket class interpreter in the Python programming language, which allows attackers to disclose protected information
The vulnerability of the Python programming language interpreter is related to incorrect initialization of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information...
Denial Of Service (DoS)
sails is vulnerable to Denial Of Service DoS. The vulnerability exists because the buildRequest function of req.js does not properly ensure all remaining headers are strings, allowing an attacker to cause an application crash by sending a malicious virtual request when sockets are enabled...
GHSA-GPW9-FWM8-7RX7 DoS vulnerability for apps with sockets enabled
Impact In Sails apps =v1.5.6, an attacker can send a virtual request that will cause the node process to crash. Patches This behavior was fixed in Sails v1.5.7 Workarounds Disable the sockets hook and remove the sails.io.js client References https://github.com/balderdashy/sails/pull/7287 Big than...
AZL-26216 CVE-2023-24626 affecting package screen for versions less than 4.9.1-1
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process...
CVE-2023-0629 Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers
Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/dockerenginelinux on Windows, via the -H --host CLI flag or the DOCKERHOST environment variable and launch containers...
SUSE CVE-2012-2152
Stack-based buffer overflow in the getpacket method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long packet...
SUSE CVE-2013-2232
The ip6skdstcheck function in net/ipv6/ip6output.c in the Linux kernel before 3.10 allows local users to cause a denial of service system crash by using an AFINET6 socket for a connection to an IPv4 interface...
SUSE CVE-2018-8779
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...
SUSE-SU-2023:0245-1 Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-1503005971 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167. - CVE-2022-2602: Fixed a local privilege...
Ubuntu: Security Advisory (USN-4185-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2022:10091-1 Security update for canna
This update for canna fixes the following issues: - CVE-2022-21950: Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. Use systemd-tmpfiles for cleaning old sockets boo1199280...
The vulnerability in the socket implementation of the Microsoft Windows operating system allows a hacker to cause a service failure. [source-iocs-preserved const=AF_UNIX]
The vulnerability of the socket implementation in Microsoft Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, working remotely, to cause service failures by sending specially crafted input data to the application...
The vulnerability in the `net/sctp/socket.c` component of the Linux operating system allows a hacker to increase their privileges.
The vulnerability of the net/sctp/socket.c component in the Linux operating system arises from the simultaneous execution using a shared resource with incorrect synchronization. Exploiting this vulnerability can allow an attacker to increase their privileges...
Doodle Smart app and Doodle Converter (smart socket) have a flawed logic vulnerability
Doodle Smart is an IoT cloud platform that connects brands, OEMs, developers and chain retailers with their intelligence needs, providing a one-stop AI IoT PaaS-level solution that covers hardware development, global cloud, and smart business platform development, providing comprehensive ecologic...
Unspecified Vulnerability in Rust (CNVD-2021-39165)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in socket2 crate for Rust prior to version 0.3.16, which stems from its incorrect expectation of the std::net::SocketAddr memory representation. No details of the vulnerability ar...
The vulnerability in the socket implementation of Azure Sphere’s operating system allows a hacker to execute arbitrary code. [source-iocs-preserved const=AF_AZSPIO]
The vulnerability of the socket implementation in Azure Sphere’s operating system is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker to execute arbitrary code. source-iocs-preserved const=AFAZSPIO...
FreeBSD Buffer Overflow Vulnerability (CNVD-2020-51503)
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD suffers from a buffer overflow vulnerability that can be exploited by an attacker to trigger a denial of service and code execution via an SCTP socket...