Improper Check For Unusual Or Exceptional Conditions

Nix is vulnerable to a Improper Check for Unusual or Exceptional Conditions which can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation through Unix domain sockets in the abstract namespace. This allows the modification of th...

Jenkins LTS < 2.440.2 / Jenkins weekly < 2.444

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.440.2 or Jenkins weekly prior to 2.444. It is, therefore, affected by a vulnerability: - Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connecti...

Design/Logic Flaw

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...

CVE-2024-27297 Nix Corruption of fixed-output derivations

Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVE-2024-27297

Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...

CVE-2024-27933 Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...

BIT-ENVOY-2020-8663

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections...

BIT-GOLANG-2023-29403 Unsafe behavior in setuid/setgid binaries in runtime

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

CentOS 9 : dbus-1.12.20-7.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dbus-1.12.20-7.el9 build changelog. - An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can...

SUSE CVE-2024-22201

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

Denial Of Service

jetty-http is vulnerable to Denial Of Service DoS. The vulnerability is due to GOAWAY frames failing to be written to the queue when there is TCP congestion within the server. An attacker can exploit idle timeout periods to leave HTTP/2 or 3 connections in the ESTABLISHED state, even when they...

Eclipse Jetty DoS Vulnerability (GHSA-rggv-cv7r-mw98) - Linux

Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

Connection leaking on idle timeout when TCP congested

Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed ...

CVE-2024-22201

A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...

CVE-2024-22201

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

Design/Logic Flaw

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

UBUNTU-CVE-2024-22201

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

CVE-2024-22201

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

CVE-2024-22201 Jetty connection leaking on idle timeout when TCP congested

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

runc: file descriptor leak

A file descriptor leak issue was found in the runc package. While a user performs OCLOEXEC all file descriptors before executing the container code, the file descriptor is open when performing setcwd2, which means that the reference can be kept alive in the container by configuring the working...