Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avahi-daemon vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-0758
The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote malicious users to cause a denial of service (networ...
Avahi Avahi-daemon 0.6.23
7.8
CVSSv3
CVE-2021-26720
avahi-daemon-check-dns.sh in the Debian avahi package up to and including 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local malicious user to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi...
Avahi Avahi
Debian Debian Linux 9.0
Debian Debian Linux 10.0
NA
CVE-2010-2244
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a...
Avahi Avahi 0.6.25
Avahi Avahi 0.6.16
NA
CVE-2007-3372
The Avahi daemon in Avahi prior to 0.6.20 allows malicious users to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
Avahi Avahi
NA
CVE-2011-1002
avahi-core/socket.c in avahi-daemon in Avahi prior to 0.6.29 allows remote malicious users to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Avahi Avahi 0.6.25
Avahi Avahi 0.6.5
Avahi Avahi 0.6.20
Avahi Avahi 0.6.19
Avahi Avahi 0.5.2
Avahi Avahi 0.6.1
Avahi Avahi 0.6.13
Avahi Avahi 0.6.15
Avahi Avahi 0.6.7
Avahi Avahi 0.6.17
Avahi Avahi 0.6.16
Avahi Avahi 0.3
Avahi Avahi
Avahi Avahi 0.6.24
Avahi Avahi 0.6.23
Avahi Avahi 0.6.9
Avahi Avahi 0.2
Avahi Avahi 0.1
Avahi Avahi 0.6.14
Avahi Avahi 0.6.10
Avahi Avahi 0.6.27
Avahi Avahi 0.6.6
2 Nmap scripts
4 Github repositories
NA
CVE-2008-5081
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi prior to 0.6.24 allows remote malicious users to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.
Avahi Avahi 0.6.5
Avahi Avahi 0.6.20
Avahi Avahi 0.6.19
Avahi Avahi 0.5.2
Avahi Avahi 0.6.1
Avahi Avahi 0.6.13
Avahi Avahi 0.6.15
Avahi Avahi 0.6.7
Avahi Avahi 0.6.17
Avahi Avahi 0.6.16
Avahi Avahi 0.3
Avahi Avahi 0.6.9
Avahi Avahi 0.2
Avahi Avahi 0.1
Avahi Avahi 0.6.14
Avahi Avahi 0.6.10
Avahi Avahi 0.6.6
Avahi Avahi 0.5
Avahi Avahi 0.6.22
Avahi Avahi 0.6.4
Avahi Avahi 0.6.11
Avahi Avahi 0.6.3
1 EDB exploit
5.5
CVSSv3
CVE-2023-1981
A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.
Avahi Avahi 0.7-20
Fedoraproject Fedora 37
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
NA
CVE-2021-36217
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3502. Reason: This candidate is a duplicate of CVE-2021-3502. Notes: All CVE users should reference CVE-2021-3502 instead of this candidate. All references and descriptions in this candidate have been removed...
9.1
CVSSv3
CVE-2017-6519
avahi-daemon in Avahi up to and including 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote malicious users to cause a denial of service (traffic amplification) and may cause information leakage by obtain...
Avahi Avahi
Avahi Avahi 0.7
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
5.5
CVSSv3
CVE-2021-3468
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local malicious user to trigger an infinite loop. The highest threat fr...
Avahi Avahi
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »