
210 matches found

NVD
added last week, 7 views

CVE-2026-52814

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service (DoS) attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...

6.9 CVSS, 0.00547 EPSS
Exploits: 0, References: 4

Cvelist
added last week, 20 views

CVE-2026-52814 Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service (DoS) attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...

6.9 CVSS, 0.00547 EPSS
Exploits: 0, References: 4

CVE
added last week, 14 views

CVE-2026-52814

CVE-2026-52814 affects Gogs’ built-in Go SSH server, where unauthenticated clients can stall the SSH handshake to exhaust file descriptors, spawning unbounded goroutines and causing FD exhaustion that disrupts SSH access. Connected advisories (GHSA-XP79-5MX3-JX52) confirm the vulnerability detail...

6.9 CVSS, 5.9 AI score, 0.00547 EPSS
Exploits: 0, References: 4

GitHub Security Blog
added 2026/06/23 5:12 p.m., 9 views

Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service (DoS) attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...

6.9 CVSS, 5.9 AI score, 0.00547 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2026/06/23 5:12 p.m., 4 views

GHSA-XP79-5MX3-JX52 Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service (DoS) attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...

6.9 CVSS, 5.9 AI score, 0.00547 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2026/06/23 12:00 a.m., 8 views

PT-2026-51632

Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.14.3. Description: The built-in Go SSH server in Gogs is subject to an unauthenticated, asymmetric Denial of Service (DoS) attack. The application accepts inbound TCP connections and passes them to the ssh.NewServerConn...

6.9 CVSS, 5.9 AI score, 0.00547 EPSS
Exploits: 0, References: 10

Cvelist
added 2026/06/08 12:58 p.m., 39 views

CVE-2026-49232 Routinator exits when accepting an incoming HTTP or RTR connection fails

Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...

8.7 CVSS, 0.00333 EPSS
Exploits: 0, References: 1

Snyk
added 2026/05/28 5:19 p.m., 9 views

Missing Release of File Descriptor or Handle after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...

5.5 CVSS, 5.8 AI score, 0.00168 EPSS
Exploits: 1, References: 2

Snyk
added 2026/05/28 5:19 p.m., 10 views

Missing Release of File Descriptor or Handle after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of File Descriptor or Handle after Effective Lifetime via the ParseFile function. An attacker can cause the process to exhaust available file descriptors and disrupt service by repeatedly triggering schema parsing...

5.5 CVSS, 5.8 AI score, 0.00168 EPSS
Exploits: 1, References: 2

CVE
added 2026/05/13 2:12 p.m., 17 views

CVE-2026-39455

CVE-2026-39455 affects the BIG-IP Configuration utility when LDAP authentication is used. Undisclosed traffic can cause the httpd process to exhaust file descriptors, leading to a denial‑of‑service where the Configuration utility stops responding until httpd is restarted. Exploitation: remote, un...

8.7 CVSS, 5.8 AI score, 0.003 EPSS
Exploits: 0, References: 1, Affected Software: 21

HackerOne
added 2026/05/03 6:34 a.m., 16 views

curl: Potential Resource Leak in tool_parsecfg.c at line 279 during fileerror

Summary: A resource leak was identified in src/tool_parsecfg.c using the Clang Static Analyzer. When a file error occurs (fileerror is true) during config parsing, the function returns PARAMREADERROR without ensuring the file stream is properly closed, leading to a potential file descriptor leak...

5.8 AI score
Exploits: 0

EUVD
added 2026/04/22 3:31 p.m., 6 views

EUVD-2026-24949

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...

5.9 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 0, References: 2

OSV
added 2026/04/22 2:16 p.m., 6 views

DEBIAN-CVE-2026-33610

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...

7.5 CVSS, 5.3 AI score, 0.00393 EPSS
Exploits: 0, References: 1

NVD
added 2026/04/22 2:16 p.m., 4 views

CVE-2026-33610

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...

7.5 CVSS, 0.00393 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2026/04/22 2:16 p.m., 4 views

CVE-2026-33610

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...

7.5 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 0, References: 2

OSV
added 2026/04/22 2:16 p.m., 3 views

UBUNTU-CVE-2026-33610

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...

7.5 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 0, References: 3

AlpineLinux
added 2026/04/22 2:00 p.m., 2 views

CVE-2026-33610

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...

7.5 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 0

ATTACKERKB
added 2026/04/22 2:00 p.m., 3 views

CVE-2026-33610

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...

5.9 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/04/22 2:00 p.m., 3 views

CVE-2026-33610 Possible file descriptor exhaustion in forward-dnsupdate

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...

5.9 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 0, References: 1

CVE
added 2026/04/22 2:00 p.m., 23 views

CVE-2026-33610

The CVE describes a denial-of-service risk in PowerDNS: a rogue primary server can exhaust file descriptors when a PowerDNS secondary forwards a DNS update request to it. This is triggered in the forward-dnsupdate path, leading to an eventual DoS on the affected system. Connected advisories (OSV/...

7.5 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 0, References: 1, Affected Software: 1