letmein connection limiter allows an arbitrary amount of simultaneous connections

Impact The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections TCP, UDP and Unix socket for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of...

CVE-2024-24823

Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain...

GHSA-VRPV-VW92-328G Multiple rtmpdump vulnerabilities

The version of rtmpdump contained in this package has multiple known vulnerabilities. Patches This package is abandoned and should not be used anymore. There is no patched release. Workarounds You should install rmtpdump from another source. References...

PHP 5.4.1 getimagesize() Denial of Service Memory leak

Exploit for php platform in category dos / poc PHP 5.4.1 getimagesize Denial of Service Memory leak Details: Getimagesize function is used to determine the size of an image. It recives one parameter as URI. Getimagesize doesn't implement any function to verify if the remote file that is been...

NTP Vulnerability - Cisco Systems

Network Time Protocol NTP is used to synchronize time on multiple devices. A vulnerability has been discovered in the NTP daemon query processing functionality. This vulnerability has been publicly announced. Other Cisco software applications may run on Solaris platforms and where those products...