Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-769
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1000098 1 Golang 1 Go 2022-08-16 5.0 MEDIUM 7.5 HIGH
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.
CVE-2017-8452 1 Elastic 1 Kibana 2020-10-19 5.0 MEDIUM 7.5 HIGH
Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes.