19 matches found
EUVD-2021-1344
Malware in sbrugna...
EUVD-2006-2606
Malware in sbrugna...
PT-2025-41012
Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.19 Rack versions prior to 3.1.17 Rack versions prior to 3.2.2 Description Rack is a modular Ruby web server interface. The Rack::Multipart::Parser component does not limit the size of the multipart preamble,...
Denial Of Service (DoS)
typo3/cms is vulnerable to Denial of Service DoS. The vulnerability is due to handling large .youtube and .vimeo files in the backend, leading to high consumption of system resources and exceeding PHP process limits, resulting in a dysfunctional backend component...
CVE-2018-5743
A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone...
GHSA-JJ6M-R8JC-2GP7 Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Impact All versions of Pterodactyl Wings preior to 1.4.4 are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually...
CVE-2021-32699
Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to 1.4.4 are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intend...
CVE-2021-32699
Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to 1.4.4 are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intend...
bind: Limiting simultaneous TCP clients is ineffective
A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone...
Moderate: Red Hat Security Advisory: openstack-cinder, openstack-glance, and openstack-nova security update
An update for openstack-nova, openstack-cinder, openstack-glance, and python-oslo-concurrency is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...
openstack-nova/glance/cinder: Malicious image may exhaust resources
A resource vulnerability in the OpenStack Compute nova, Block Storage cinder, and Image glance services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host...
openstack-nova/glance/cinder: Malicious image may exhaust resources
A resource vulnerability in the OpenStack Compute nova, Block Storage cinder, and Image glance services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host...
openstack-nova/glance/cinder: Malicious image may exhaust resources
A resource vulnerability in the OpenStack Compute nova, Block Storage cinder, and Image glance services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host...
openstack-nova/glance/cinder: Malicious image may exhaust resources
A resource vulnerability in the OpenStack Compute nova, Block Storage cinder, and Image glance services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host...
Ubuntu 5.04 / 5.10 / 6.06 LTS : krb5 vulnerabilities (USN-334-1)
Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid to fail via resource starvation. In that situation, the tools wil...
CVE-2006-2607
docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...
CVE-2006-2607
docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...
Deserialization of untrusted data
docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...
max_processes.txt
Subject: Re: limit maximum nr. of processes. To: [email protected] El dia Wed, Sep 01, 1999 at 10:53:48AM +0200, Petter Wahlman escribió: to limit the maximum number of processes you can use the Linux-PAM edit /etc/pam.d/login %PAM-1.0 auth required /lib/security/pamsecuretty.so auth...