42 matches found
[SECURITY] Fedora 40 Update: darkhttpd-1.16-1.fc40
darkhttpd is a secure, lightweight, fast and single-threaded HTTP/1.1 server. Features: Simple to set up: Single binary, no other files. Standalone, doesn't need inetd or ucspi-tcp. No messing around with config files. Written in C - efficient and portable. Small memory footprint. Event loop,...
The vulnerability in the io_uring.c module of the Linux operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the io_uring component in the Linux operating system’s kernel is related to improper checking of multiprocessing in the current_is_single_threaded function. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Linux kernel information disclosure vulnerability (CNVD-2023-54416)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has an information disclosure vulnerability, which originates from timens_install calling current_is_single_threaded to determine whether the current process is...
CVE-2023-23586
Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possibl...
Denial Of Service (DoS)
xen is vulnerable to denial of service. An out-of-memory occurs when an unbounded queue of single threaded events are received faster than the thread is able to handle...
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
CVE-2020-7663
A flaw was found in the websocket-extensions ruby module in versions prior to 0.1.5. The parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and another character. When abused by an...
GHSA-G78M-2CHM-R7QV Regular Expression Denial of Service in websocket-extensions (NPM package)
Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...
CVE-2020-7662
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
Design/Logic Flaw
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
gnutls 3.6.6 - verify_crt() Use-After-Free
gnutls 3.6.6 - verify_crt() Use-After-Free. Description of problem: This is a critical memory corruption vulnerability in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines. I suspect any client or server that verifies X.509 certificates with GnuTLS is likely...
Brother Debut http Denial Of Service
The Debut embedded HTTP server 'Brother Debut http Denial Of Service', 'Description' = %q The Debut embedded HTTP server MSF_LICENSE, 'Author' = 'z00n', vulnerability disclosure 'h00die' metasploit module, 'References' = 'CVE', '2017-16249', 'URL',...
[SECURITY] Fedora 25 Update: mingw-gtk-vnc-0.7.0-1.fc25
gtk-vnc is a VNC viewer widget for GTK. It is built using coroutines allowing it to be completely asynchronous while remaining single threaded...
[SECURITY] Fedora 24 Update: gtk-vnc-0.7.0-1.fc24
gtk-vnc is a VNC viewer widget for GTK2. It is built using coroutines allowing it to be completely asynchronous while remaining single threaded...
openssl security update
1.0.1e-48.4 - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts...
Fedora Update for Perlbal FEDORA-2008-2788
Check for the Version of Perlbal. OpenVAS Vulnerability Test: Fedora Update for Perlbal FEDORA-2008-2788. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Server: temporary DoS via crafted pattern searches
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem...
CVE-2005-1108
The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request...