14 matches found
IBM Engineering Lifecycle Management 安全漏洞
IBM Engineering Lifecycle Management is an engineering lifecycle management platform provided by American multinational company International Business Machines IBM. Versions 7.0.3, 7.1.0, and 7.2.0 of IBM Engineering Lifecycle Management contain security vulnerabilities. These vulnerabilities ste...
CVE-2025-25032 IBM Cognos Analytics denial of service
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources...
PT-2025-25232 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 12.0.4 Description: The issue allows an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources. Recommendations: For IBM Cognos...
CVE-2025-26465 Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
PT-2025-4251 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior Description: A vulnerability in the MySQL Server product allows a high privileged attacker with network access via multiple...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
VulnCheck KEV: CVE-2020-4463
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484...
CVE-2020-4875
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838...
expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...
CVE-2017-13279
CVE-2017-13279 affects Android’s M3UParser parsing path (M3UParser.cpp). The issue is a memory resource exhaustion caused by a large loop that pushes items into a vector, leading to remote denial of service. Impacted Android versions include 6.0–8.1. Exploitation requires user interaction, and th...
Ubuntu: Security Advisory (USN-2917-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2917-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Active Directory Denial of Service Vulnerability (2830914)
This host is missing an important security update according to Microsoft Bulletin MS13-032. OpenVAS Vulnerability Test $Id: secpodms13-032.nasl 8276 2018-01-03 12:29:18Z asteins $ Microsoft Windows Active Directory Denial of Service Vulnerability 2830914 Authors: Antu Sanadi Copyright: Copyright ...