940 matches found
CVE-2021-46828
A denial of service DoS vulnerability was found in libtirpc. This flaw allows a remote attacker to exhaust the file descriptors of a process that uses libtirpc due to mishandling idle TCP connections. This issue leads to a svcrun infinite loop without accepting new connections...
CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections...
CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections...
Code injection
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections...
CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections...
CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svcrun infinite loop without accepting new connections...
dpdk: sending vhost-user-inflight type messages could lead to DoS
A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user...
dpdk: sending vhost-user-inflight type messages could lead to DoS
A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user...
dpdk: sending vhost-user-inflight type messages could lead to DoS
A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user...
GO-2022-0289 Misdirected I/O in syscall
When a Go program running on a Unix system is out of file descriptors and calls syscall.ForkExec including indirectly by using the os/exec package, syscall.ForkExec can close file descriptor 0 as it fails. If this happens or can be provoked repeatedly, it can result in misdirected I/O such as...
GHSA-GJJX-GQM4-WCGM Uncontrolled Resource Consumption in Undertow
It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...
Uncontrolled Resource Consumption in Undertow
It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...
kernel: drm/vmwgfx: Fix stale file descriptors on failed usercopy
A use-after-free vulnerability has been identified in the Linux kernel's VMware graphics driver vmwgfx driver. This flaw occurs during the usercopy operation for the fencerep object. If this operation fails, it can leave a stale dangling file descriptor in the system's file descriptor table. This...
SUSE-SU-2022:1593-1 Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-150100197111 fixes several issues. The following security issues were fixed: - CVE-2022-1011: A use-after-free flaw was found in the FUSE filesystem in the way a user triggers write. This flaw allowed a local user to gain unauthorized access to data from t...
UBUNTU-CVE-2022-0669
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master...
SUSE-SU-2022:1278-1 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-12288 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects...
SUSE-SU-2022:1242-1 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-12277 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects...
SUSE-SU-2022:1212-1 Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-19799 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects...
SUSE-SU-2022:1193-1 Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-19789 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects...
SUSE-SU-2022:1172-1 Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-197108 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap object...