CWE:

Nic nie znaleziono w bazie WLB2

---

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2018-08-30

Medium

CVE-2018-14622

Vendor: Canonical Software: Ubuntu linux

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.

2018-06-21

Medium

CVE-2018-0358

Vendor: Cisco Software: Telepresence...

A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to exhaustion of file descriptors while processing a high volume of traffic. An attacker could exploit this vulnerability by establishing a high number of concurrent TCP connections to the vulnerable system. An exploit could allow the attacker to cause a restart in a specific process, resulting in a temporary interruption of service. Cisco Bug IDs: CSCvh77056, CSCvh77058, CSCvh95264.

2017-10-04

Medium

CVE-2017-1000098

Vendor: Golang Software: GO

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.

2017-06-16

Medium

CVE-2017-8452

Vendor: Elasticsearch Software: Kibana

Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes.

 

---

Copyright 2024, cxsecurity.com