
942 matches found

Debian CVE
added 2018/04/25 1:0 p.m. | 26 views

CVE-2017-7652

In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available default limit...

7.5 CVSS | 7.6 AI score | 0.01679 EPSS
Exploits 0
NVD
added 2018/04/04 6:29 p.m. | 14 views

CVE-2018-9275

In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors)...

8.2 CVSS | 7.8 AI score | 0.01466 EPSS
Exploits 0 | References 3
Prion
added 2018/04/04 6:29 p.m. | 7 views

Information disclosure

In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors)...

6.4 CVSS | 7.6 AI score | 0.01466 EPSS
Exploits 0 | References 3 | Affected Software 1
CVE
added 2018/04/04 6:0 p.m. | 45 views

CVE-2018-9275

CVE-2018-9275 affects pam_yubico (Yubico PAM module). In check_user_token (util.c), versions 2.18–2.25 can leak file descriptors to the auth mapping file, enabling information disclosure (device serial numbers) and/or DoS by exhausting file descriptors. Public entries indicate remediation by upda...

8.2 CVSS | 7.6 AI score | 0.01466 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2018/04/04 6:0 p.m. | 19 views

CVE-2018-9275

In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors)...

7.8 AI score | 0.01466 EPSS
Exploits 0 | References 3
Debian CVE
added 2018/04/04 6:0 p.m. | 15 views

CVE-2018-9275

In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors)...

8.2 CVSS | 2.6 AI score | 0.01466 EPSS
Exploits 0
Veracode
added 2018/03/05 3:31 a.m. | 24 views

Potentially Insecure Configuration

Mosquitto is vulnerable to potentially insecure configuration issues. The vulnerability is caused by a SIGHUP signal when no additional file descriptors can be allocated by the broker when opening the configuration file. This causes the default configuration values to be reloaded, which can...

7.5 CVSS | 6.6 AI score | 0.05294 EPSS
Exploits 1 | References 6 | Affected Software 1
OSV
added 2018/02/27 12:0 a.m. | 1 views

UBUNTU-CVE-2014-10071

In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax...

9.8 CVSS | 7.1 AI score | 0.02787 EPSS
Exploits 0 | References 4
Amazon
added 2018/02/20 12:0 a.m. | 39 views

Medium: dhcp

Issue Overview: Omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service. It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to...

7.5 CVSS | 6.1 AI score | 0.72724 EPSS
Exploits 0
Tenable Nessus
added 2018/02/13 12:0 a.m. | 30 views

EulerOS 2.0 SP1 : dhcp (EulerOS-SA-2018-1035)

According to the version of the dhcp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI...

7.5 CVSS | 6.3 AI score | 0.72724 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2018/02/13 12:0 a.m. | 37 views

EulerOS 2.0 SP2 : dhcp (EulerOS-SA-2018-1036)

According to the version of the dhcp packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI...

7.5 CVSS | 6.3 AI score | 0.72724 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2017/10/09 12:0 a.m. | 33 views

Debian DLA-1123-1 : golang security update

It was discovered that there was an issue in the Go programming language library where an attacker could generate a MIME request such that the server ran out of file descriptors. For Debian 7 'Wheezy', this issue has been fixed in golang version 2:1.0.2-1.1+deb7u1. We recommend that you upgrade...

7.5 CVSS | 6.2 AI score | 0.02078 EPSS
Exploits 0 | References 3
Debian
added 2017/10/06 7:57 a.m. | 26 views

[SECURITY] [DLA 1123-1] golang security update

Package: golang; Version: 2:1.0.2-1.1+deb7u1; CVE ID: CVE-2017-1000098. It was discovered that there was an issue in the Go programming language library where an attacker could generate a MIME request such that the server ran out of file descriptors. For Debian 7 "Wheezy", this issue has been fix...

7.5 CVSS | 7.4 AI score | 0.02078 EPSS
Exploits 0
Veracode
added 2017/10/05 11:34 p.m. | 31 views

Denial Of Service (DoS) Via Multipart Request

net/http in github.com/golang/go is vulnerable to denial of service (DoS) attacks. The attacks exist because Request.ParseMultipartForm begins writing temporary files regardless of the request body size surpassing the given "maxMemory" limit. Attacker can send malicious multipart request to consume...

7.5 CVSS | 7.1 AI score | 0.02078 EPSS
Exploits 0 | References 7 | Affected Software 1
RedhatCVE
added 2017/10/05 7:49 a.m. | 30 views

CVE-2017-1000098

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors...

7.5 CVSS | 3 AI score | 0.02078 EPSS
Exploits 0 | References 2
OSV
added 2017/10/05 1:29 a.m. | 26 views

CVE-2017-1000098

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors...

7.5 CVSS | 6.6 AI score
Exploits 0 | References 3
OSV
added 2017/10/05 1:29 a.m. | 4 views

AZL-79016 CVE-2017-1000098 affecting package golang 1.25.7-1

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors...

7.5 CVSS | 6.6 AI score | 0.02078 EPSS
Exploits 0 | References 1
NVD
added 2017/10/05 1:29 a.m. | 16 views

CVE-2017-1000098

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors...

7.5 CVSS | 7.4 AI score | 0.02078 EPSS
Exploits 0 | References 3
UbuntuCve
added 2017/10/05 1:29 a.m. | 30 views

CVE-2017-1000098

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors...

7.5 CVSS | 6.5 AI score | 0.02078 EPSS
Exploits 0 | References 3
Prion
added 2017/10/05 1:29 a.m. | 20 views

Design/Logic Flaw

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors...

5 CVSS | 7.4 AI score | 0.02078 EPSS
Exploits 0 | References 3 | Affected Software 1