443 matches found
Fixed in Apache Tomcat 8.5.56
Important: HTTP/2 DoS CVE-2020-11996 A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. This was fixed with commit c8acd2ab. Thi...
libexif Resource Management Error Vulnerability
libexif is a library of functions written in the C language. It is mainly used to read and write EXIF meta-information from graphics files. A security vulnerability exists in versions prior to libexif 0.6.22, which stems from the program failing to limit the size value when processing Canon EXIF...
WDS has a high CPU usage when many client computers try to start in Windows Server 2012 R2
WDS has a high CPU usage when many client computers try to start in Windows Server 2012 R2 This article describes an issue that occurs in Windows Server 2012 R2 that has Windows Deployment Services WDS installed. You can fix this issue by using the update in this article. Before you install this...
HTTP/2: flood using empty frames results in excessive resource consumption
A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...
CVE-2020-3164
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance ESA, Cisco Web Security Appliance WSA, and Cisco Content Security Management Appliance SMA could allow an unauthenticated remote attacker to cause high CPU usage on an affected device,...
Input validation
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance ESA, Cisco Web Security Appliance WSA, and Cisco Content Security Management Appliance SMA could allow an unauthenticated remote attacker to cause high CPU usage on an affected device,...
CVE-2020-3164 Cisco ESA, Cisco WSA, and Cisco SMA GUI Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance ESA, Cisco Web Security Appliance WSA, and Cisco Content Security Management Appliance SMA could allow an unauthenticated remote attacker to cause high CPU usage on an affected device,...
Denial Of Service
libexiv2.so is vulnerable to denial of service DoS. The attack exists when an attacker provide a malicious input to Jp2Image::readMetadata in jp2image.cpp, causing an infinite loop and high CPU usage...
DEBIAN-CVE-2019-20421
In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...
PYSEC-2020-344
In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...
CVE-2020-1600 Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon.
In a Point-to-Multipoint P2MP Label Switched Path LSP scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon RPD in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service DoS condition...
HTTP/2: flood using empty frames results in excessive resource consumption
A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...
PT-2019-15812 · Cz.Nic +2 · Knot Resolver +2
Name of the Vulnerable Software and Affected Versions: knot-resolver versions prior to 4.3.0 Description: The issue allows for denial of service through high CPU utilization. This occurs when DNS replies contain a large number of resource records, which can be processed inefficiently. In extreme...
Cisco cBR Series Converged Broadband Routers High CPU Usage DoS (cisco-sa-20180418-cbr8)
According to its self-reported version, Cisco IOS XE Software is affected by a denial of service DoS vulnerability on Cisco cBR Series Converged Broadband Routers due to incorrect handling of certain DHCP packets. An unauthenticated, adjacent, attacker can exploit this, by sending certain DHCP...
HTTP/2: flood using empty frames results in excessive resource consumption
A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...
CVE-2019-1957
A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security TLS...
CVE-2019-1957
A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security TLS...
Design/Logic Flaw
A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security TLS...
389-ds-base: Insufficient fix for CVE-2018-14648 denial of service in RHEL-7.5
It was found that the fix for CVE-2018-14648 was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service...
CVE-2019-1718
A vulnerability in the web interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service DoS condition. The vulnerability is due to improper handling of Secure Sockets Layer SSL renegotiation requests. A...