316 matches found
Security Bulletin: IBM API Connect is affected by PHP (CVE-2015-9253) and nginx (CVE-2016-0746) vulnerabilities
Summary IBM API Connect Developer Portal has addressed the following vulnerabilities. PHP is vulnerable to a denial of service, caused by an endless loop in the php-fpm main process. A remote attacker could exploit this vulnerability to exhaust CPU and disk space resources. Nginx is vulnerable to...
SUSE: Security Advisory (SUSE-SU-2020:1913-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:0255-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
XStream Denial of Service Vulnerability (CNVD-2021-28338)
XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . XStream has a denial-of-service vulnerability that can be exploited by an attacker to manipulate a processed input stream and replac...
EulerOS Virtualization 3.0.6.6 : thrift (EulerOS-SA-2021-1457)
According to the versions of the thrift packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with...
thrift: Endless loop when feed with specific input data
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS
A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of...
CVE-2019-20922
Handlebars before 4.4.5 allows Regular Expression Denial of Service ReDoS because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources...
CVE-2020-15654
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...
CVE-2020-15654
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...
Updated nasm packages fix security vulnerability
Netwide Assembler NASM 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file CVE-2018-10254. Netwide Assembler NAS...
CVE-2020-15654
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...
CVE-2020-15654
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...
UBUNTU-CVE-2020-15654
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...
openSUSE Security Update : ldb / samba (openSUSE-2020-1023)
"This update for ldb, samba fixes the following issues : Changes in samba : - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; bso14364 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Security update for samba (important)
openSUSE Security Update: Security update for samba Announcement ID: openSUSE-SU-2020:0984-1 Rating: important References: 1171437 1172307 1173159 1173160 1173161 1173359 Cross-References: CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 Affected Products: openSUSE Leap 15.1 An update...
SUSE-SU-2020:1913-1 Security update for samba
This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU bsc1173160. - CVE-2020-14303: Fixed an endless loop when receiving at AD DC empty UDP packets bsc117335...
thrift: Endless loop when feed with specific input data
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
thrift: Endless loop when feed with specific input data
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
thrift: Endless loop when feed with specific input data
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...