1706 matches found
CVE-2022-25897
The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service DoS when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False...
PT-2022-25319 · Samsung · Tizenrt
Name of the Vulnerable Software and Affected Versions: Samsung TizenRT versions through 3.0 GBM and 3.1 PRE Description: An issue was discovered in the createDB function within the provisioningdatabasemanager.c file, located in the security/provisioning/src directory. This issue is caused by a...
CVE-2022-27664
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
PT-2022-37225 · Git +1 · Lcms
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-use-after-free READ 8 crash has been reported. The crash involves the cmsFreeNamedColorList and cmsCloseProfile functions, and the Type NamedColor...
PT-2022-4447 · Unknown · Node-Opcua
Name of the Vulnerable Software and Affected Versions: node-opcua versions prior to 2.74.0 Description: The issue is related to a Denial of Service DoS condition that can be triggered by bypassing limitations for excessive memory consumption. This can be achieved by sending multiple CloseSession...
node-opcua 资源管理错误漏洞
node-opcua is a French Sterfive SAS open source implementation of an OPC UA stack written entirely in Typescript for NodeJS. A resource management error vulnerability exists in versions of node-opcua prior to 2.74.0. An attacker can exploit this vulnerability to bypass excessive memory consumptio...
Denial of Service (DoS)
Overview org.eclipse.milo:sdk-server is an open-source implementation of OPC UA Affected versions of this package are vulnerable to Denial of Service DoS when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter...
CVE-2022-24298
All versions of package freeopcua/freeopcua are vulnerable to Denial of Service DoS when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False...
Denial of Service (DoS)
Overview node-opcua is an implementation of a OPC UA stack fully written in javascript and nodejs Affected versions of this package are vulnerable to Denial of Service DoS when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the...
profi-vergleich.de Cross Site Scripting vulnerability OBB-2853802
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-38222
There is a use-after-free issue in JBIG2Stream::close located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to for example the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...
kernel: fget: check that the fd still exists after getting a ref to it
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a memory leak via the function ucclose at /my/unicorn/uc.c. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike...
GHSA-F5X9-8JWC-25RW Uncaught Exception (due to a data race) leads to process termination in Waitress
Impact Waitress may terminate early due to a thread closing a socket while the main thread is about to call select. This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. Patches This issue has been fixed in Waitress 2.1.2 ...
AZL-44571 CVE-2022-31015 affecting package python-waitress for versions less than 3.0.1-1
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select. This will lead to the main thread raising an exception that is not handled and then causing t...
GHSA-5H29-QQ92-WJ7F Cleartext Transmission of Sensitive Information in Apache MINA
Handling of the closenotify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This...
kernel: fget: check that the fd still exists after getting a ref to it
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...
kernel: fget: check that the fd still exists after getting a ref to it
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...
kernel: fget: check that the fd still exists after getting a ref to it
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...
OESA-2022-1615 bind security update
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...