Juniper Junos OS Vulnerability (JSA11193)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11193 advisory. - An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected,...

Eclipse Jetty Denial of Service Vulnerability (CNVD-2021-25683)

Eclipse Jetty is the Eclipse Foundation of an open source , Java-based Web server and Java Servlet container . A security vulnerability exists in Eclipse Jetty 7.2.2 through 9.4.38, 10.0.0.alpha0 through 10.0.1, and 11.0.0.alpha0 through 11.0.1, which stems from abnormal processing after receivin...

CVE-2021-28165

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

Eclipse Jetty 资源管理错误漏洞

Eclipse Jetty is the Eclipse Foundation of an open source , Java-based Web server and Java Servlet container . A security vulnerability exists in Eclipse Jetty 7.2.2 through 9.4.38, 10.0.0.alpha0 through 10.0.1, and 11.0.0.alpha0 through 11.0.1, which stems from abnormal processing after receivin...

CVE-2021-1267 Cisco Firepower Management Center XML Entity Expansion Vulnerability

A vulnerability in the dashboard widget of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit th...

CVE-2021-1267 Cisco Firepower Management Center XML Entity Expansion Vulnerability

A vulnerability in the dashboard widget of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit th...

CVE-2020-27715

On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high 100% CPU utilization by the httpd daemon...

Design/Logic Flaw

On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high 100% CPU utilization by the httpd daemon...

CVE-2020-27715

On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high 100% CPU utilization by the httpd daemon...

CVE-2020-27715

CVE-2020-27715 affects F5 BIG-IP configurations vulnerable to a crafted TLS request to the management interface on port 443, causing near-100% CPU in httpd. Affected: BIG-IP versions 15.1.0–15.1.0.5, 14.1.0–14.1.3. Remediation per F5 K25691186: upgrade to 15.1.1 for 15.x, 14.1.3.1 for 14.x, or 16...

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K25691186)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.3.1 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K25691186 advisory. - On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via...

Security Bulletin: Rational Developer for System z - Add support for TLS v1.2 with MS-CAPI in HCE

Summary IBM Rational Developer for System z has added support for TLS v1.2 with MS-CAPI in the Host Connection Emulator Vulnerability Details CVEID: CVE-2017-1796 DESCRIPTION: IBM Developer for z Systems uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt...

Security Bulletin: Rational Developer for System z CPU utilization (CVE-2014-0963)

Summary IBM Rational Developer for System z is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts lik...

CVE-2020-1684

On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when...

CVE-2020-3567

A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...

Input validation

A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...

CVE-2020-3567 Cisco Industrial Network Director Denial of Service Vulnerability

A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...

CVE-2020-3567

CVE-2020-3567 affects Cisco Industrial Network Director (IND) via the management REST API. Affected versions prior to 1.9.0 (per CNVD entry) expose a vulnerability where insufficient validation of REST requests allows an authenticated, remote attacker to trigger high CPU utilization, causing a pe...

CVE-2020-3567 Cisco Industrial Network Director Denial of Service Vulnerability

A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...

Cisco Industrial Network Director Denial of Service Vulnerability

A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...