16 matches found
EUVD-2015-1174
Malware in sbrugna...
GHSA-J8XJ-7JFF-46MX Directus's S3 assets become unavailable after a burst of malformed transformations
Summary When making many malformed transformation requests at once, at some point, all assets are being served as 403. Details When I was investigating this issue, I have found that after a burst of malformed asset transformation requests, the amount of sockets held on Agent on NodeHttpHandler wa...
wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)
A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections...
wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)
A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections...
wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)
A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections...
SUSE CVE-2015-1030
Memory leak in the rfc2553connectto function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service memory consumption via a large number of requests that are rejected because the socket limit is reached...
OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...
Fedora 29 : mosquitto (2018-ff1fdf28aa)
Release 1.5.3 Security : - Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit. Broker : - Elevate log level to warning for situation when socket limit is hit. - Remo...
Fedora 27 : mosquitto (2018-a115b0b80e)
Release 1.5.3 Security : - Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit. Broker : - Elevate log level to warning for situation when socket limit is hit. - Remo...
Privoxy < 3.0.22 Multiple Vulnerabilities
According to its self-identified version number, the Privoxy installed on the remote host is a version prior to 3.0.22. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability exists due to a memory leak when client connections are rejected when the socket limi...
CVE-2015-1030
Memory leak in the rfc2553connectto function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service memory consumption via a large number of requests that are rejected because the socket limit is reached...
Updated privoxy package fixes security vulnerabilities
Updated privoxy packages fix security issues: A memory leak occurred in privoxy 3.0.21 compiled with IPv6 support when rejecting client connections due to the socket limit being reached. CID 66382 A use-after-free bug was found in privoxy 3.0.21 and two additional potential use-after-free issues...
Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-1380)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1380 advisory. 1:1.6.0.0-1.40.1.9.10 - Resolves: rhbz744788 - Bumped to IcedTea6 1.9.8 -removed font copying Security fixes - S7000600, CVE-2011-3547: InputStream...
RHEL 6 : java-1.6.0-ibm (RHSA-2012:0034)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0034 advisory. The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes...
OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking...
OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking...