CVE-2021-22883

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

Huawei EulerOS: Security Advisory for libtirpc (EulerOS-SA-2021-1090)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Kernel io_uring Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file...

Node.js: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion

Summary: Node.js http2 server is vulnerable against denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new...

openSUSE Security Update : spice-vdagent (openSUSE-2020-1898)

This update for spice-vdagent fixes the following issues : Security issues fixed : - CVE-2020-25650: Fixed a memory DoS via arbitrary entries in activexfers hash table bsc1177780. - CVE-2020-25651: Fixed a possible file transfer DoS and information leak via activexfers hash map bsc1177781. -...

EulerOS Virtualization 3.0.6.6 : dbus (EulerOS-SA-2020-2465)

According to the version of the dbus packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when...

EulerOS 2.0 SP2 : dbus (EulerOS-SA-2020-2339)

According to the version of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message...

CVE-2019-8790

This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure...

CVE-2019-8790

This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure...

Huawei EulerOS: Security Advisory for dbus (EulerOS-SA-2020-1903)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization for ARM 64 3.0.6.0 : dbus (EulerOS-SA-2020-1903)

According to the version of the dbus packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file...

DEBIAN-CVE-2020-15114

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requestin...

dbus: denial of service via file descriptor leak

An uncontrolled resource consumption vulnerability was discovered in D-Bus. The DBusServer leaks file descriptors when a message exceeds the per-message file descriptor limit. This flaw allows a local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket, ...

Huawei EulerOS: Security Advisory for dbus (EulerOS-SA-2020-1797)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : dbus (EulerOS-SA-2020-1797)

According to the version of the dbus packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message...

QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS

A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared...

dbus: denial of service via file descriptor leak

An uncontrolled resource consumption vulnerability was discovered in D-Bus. The DBusServer leaks file descriptors when a message exceeds the per-message file descriptor limit. This flaw allows a local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket, ...

dbus: denial of service via file descriptor leak

An uncontrolled resource consumption vulnerability was discovered in D-Bus. The DBusServer leaks file descriptors when a message exceeds the per-message file descriptor limit. This flaw allows a local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket, ...

dbus: denial of service via file descriptor leak

An uncontrolled resource consumption vulnerability was discovered in D-Bus. The DBusServer leaks file descriptors when a message exceeds the per-message file descriptor limit. This flaw allows a local attacker with access to the D-Bus system bus or another system service's private AFUNIX socket, ...

envoy: Resource exhaustion when accepting too many connections

A flaw was found in envoy in versions through 1.14.1. Accepting too many connections may lead to an exhaustion of file descriptors and/or memory. The highest threat from this vulnerability is to system availability...