Show filters
67 Total Results
Displaying 1-10 of 67
Sort by:
Attacker Value
Unknown
CVE-2021-28165
Disclosure Date: April 01, 2021 (last updated November 08, 2023)
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
0
Attacker Value
Unknown
CVE-2021-28164
Disclosure Date: April 01, 2021 (last updated November 08, 2023)
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
0
Attacker Value
Unknown
CVE-2021-28163
Disclosure Date: April 01, 2021 (last updated November 08, 2023)
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
0
Attacker Value
Unknown
CVE-2019-11815
Disclosure Date: May 08, 2019 (last updated November 27, 2024)
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
0
Attacker Value
Unknown
CVE-2018-20836
Disclosure Date: May 07, 2019 (last updated November 27, 2024)
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
0
Attacker Value
Unknown
CVE-2019-3900
Disclosure Date: April 25, 2019 (last updated April 27, 2024)
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
0
Attacker Value
Unknown
CVE-2019-3882
Disclosure Date: April 24, 2019 (last updated November 27, 2024)
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
0
Attacker Value
Unknown
CVE-2019-11486
Disclosure Date: April 23, 2019 (last updated November 27, 2024)
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
0
Attacker Value
Unknown
CVE-2019-10246
Disclosure Date: April 22, 2019 (last updated November 08, 2023)
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.
0
Attacker Value
Unknown
CVE-2019-10247
Disclosure Date: April 22, 2019 (last updated November 08, 2023)
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.
0