25 matches found
CVE-2026-40719
Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved...
EUVD-2004-2757
Malware in sbrugna...
EUVD-2006-1210
Malware in sbrugna...
EUVD-2008-0145
Malware in sbrugna...
EUVD-2014-6085
Malware in sbrugna...
Ubuntu 20.04 LTS / 22.04 LTS : lighttpd vulnerabilities (USN-5903-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5903-1 advisory. It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could...
GLSA-202210-12 : Lighttpd: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202210-12 Lighttpd: Denial of Service - In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes...
Denial Of Service (DoS)
lighttpd is vulnerable to denial of service. The vulnerability exists in gwbackend.c where there is a resource leak which will lead to a connection slot exhaustion after a large amount of anomalous TCP behavior causing an application crash...
CVE-2022-41556
A resource leak in gwbackend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service connection-slot exhaustion after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of modfastcgi is, for example,...
Design/Logic Flaw
A resource leak in gwbackend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service connection-slot exhaustion after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of modfastcgi is, for example,...
CVE-2022-41556
CVE-2022-41556 affects lighttpd 1.4.56–1.4.66, describing a resource leak in gw_backend.c that can cause denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior, related to RDHUP mishandling in certain HTTP/1.1 chunked scenarios (mod_fastcgi also affected). T...
CVE-2022-41556
A resource leak in gwbackend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service connection-slot exhaustion after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of modfastcgi is, for example,...
CVE-2008-4109
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service connection sl...
openssh: Prevent connection slot exhaustion attacks
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service connection-slot exhaustion by periodically making many new TCP connections...
Directory traversal
Directory Proxy Server DPS in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SOKEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service connection slot exhaustion via multiple connections, aka Bug Id 6782659...
Code injection
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service connection sl...
CVE-2008-4109
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service connection sl...
CVE-2008-4109
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service connection sl...
CVE-2008-0132
The CVE-2008-0132 entry affects Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier. The vulnerability arises in the sshd.exe handling of long input, where an error-message window is created and the process waits for an administrator click before termination, allowing remote attackers to exha...
CVE-2007-4654
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch CSS series 11000 devices allows remote attackers to cause a denial of service connection slot exhaustion and device crash via a series of large packets designed to exploit the...