Lucene search
K

316 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/08/12 5:41 p.m.50 views

Security Bulletin: IBM API Connect is affected by PHP (CVE-2015-9253) and nginx (CVE-2016-0746) vulnerabilities

Summary IBM API Connect Developer Portal has addressed the following vulnerabilities. PHP is vulnerable to a denial of service, caused by an endless loop in the php-fpm main process. A remote attacker could exploit this vulnerability to exhaust CPU and disk space resources. Nginx is vulnerable to...

9.8CVSS8AI score0.08625EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.34 views

SUSE: Security Advisory (SUSE-SU-2020:1913-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.4AI score0.03874EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2017:0255-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.52935EPSS
Exploits12References18
CNVD
CNVD
added 2021/03/15 12:0 a.m.13 views

XStream Denial of Service Vulnerability (CNVD-2021-28338)

XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . XStream has a denial-of-service vulnerability that can be exploited by an attacker to manipulate a processed input stream and replac...

7.5CVSS6.6AI score0.77801EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.51 views

EulerOS Virtualization 3.0.6.6 : thrift (EulerOS-SA-2021-1457)

According to the versions of the thrift packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with...

7.8CVSS6.9AI score0.09082EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/12/16 12:11 p.m.6 views

thrift: Endless loop when feed with specific input data

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...

7.8CVSS7.3AI score0.09082EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/11/24 1:10 p.m.3 views

nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of...

7.8CVSS7.2AI score0.03793EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2020/09/30 6:15 p.m.37 views

CVE-2019-20922

Handlebars before 4.4.5 allows Regular Expression Denial of Service ReDoS because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources...

7.8CVSS7.1AI score0.03793EPSS
Exploits0References4
NVD
NVD
added 2020/08/10 6:15 p.m.14 views

CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

6.5CVSS6.4AI score0.01237EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2020/08/10 5:43 p.m.23 views

CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

6.5CVSS8.1AI score0.01237EPSS
Exploits0
Mageia
Mageia
added 2020/07/31 11:25 p.m.41 views

Updated nasm packages fix security vulnerability

Netwide Assembler NASM 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file CVE-2018-10254. Netwide Assembler NAS...

7.8CVSS4AI score0.05166EPSS
Exploits13References3
RedhatCVE
RedhatCVE
added 2020/07/29 7:7 a.m.27 views

CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

4.3CVSS3.9AI score0.01237EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/07/29 12:0 a.m.32 views

CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

6.5CVSS6.9AI score0.01237EPSS
Exploits0References4
OSV
OSV
added 2020/07/29 12:0 a.m.2 views

UBUNTU-CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...

6.5CVSS6.9AI score0.01237EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/07/21 12:0 a.m.46 views

openSUSE Security Update : ldb / samba (openSUSE-2020-1023)

"This update for ldb, samba fixes the following issues : Changes in samba : - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; bso14364 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

7.8CVSS6.4AI score0.03874EPSS
Exploits0References19
OPENSUSE Linux
OPENSUSE Linux
added 2020/07/18 12:0 a.m.56 views

Security update for samba (important)

openSUSE Security Update: Security update for samba Announcement ID: openSUSE-SU-2020:0984-1 Rating: important References: 1171437 1172307 1173159 1173160 1173161 1173359 Cross-References: CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 Affected Products: openSUSE Leap 15.1 An update...

7.8CVSS7.5AI score0.03874EPSS
Exploits0References6
OSV
OSV
added 2020/07/14 3:41 p.m.6 views

SUSE-SU-2020:1913-1 Security update for samba

This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU bsc1173160. - CVE-2020-14303: Fixed an endless loop when receiving at AD DC empty UDP packets bsc117335...

7.8CVSS6.9AI score0.03874EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2020/06/11 9:11 a.m.2 views

thrift: Endless loop when feed with specific input data

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...

7.8CVSS7.3AI score0.09082EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/06/11 9:3 a.m.3 views

thrift: Endless loop when feed with specific input data

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...

7.8CVSS7.3AI score0.09082EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/06/11 7:9 a.m.5 views

thrift: Endless loop when feed with specific input data

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...

7.8CVSS7.3AI score0.09082EPSS
Exploits0References4
Rows per page
Query Builder