1689 matches found
Nest Labs Nest Cam IQ Indoor Weave TCP connection denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability...
Allocation of Resources Without Limits or Throttling in Apache Tika
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later...
Allocation of Resources Without Limits or Throttling in Apache Tika
In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later...
CVE-2019-2259
Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W,...
Design/Logic Flaw
Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W,...
CVE-2019-2259
Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W,...
CVE-2019-2259
CVE-2019-2259 refers to a resource allocation error that occurs when playing a video whose dimensions exceed the supported limit on Qualcomm Snapdragon platforms (including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, etc.). Affected family spans numerous Snapdrag...
The Cloud in 2019: Current Uses and Emerging Risks
In the current tech landscape, one would be hard-pressed to find an organization that operates without the help of cloud environments and capabilities. From data storage and document sharing to enabling remote access and communication, the cloud represents the most critical linchpin of today's...
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...
GHSA-5Q8M-MQMX-PXP9 Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...
CVE-2018-11273
In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, 'voicesvcdev' is allocated as a device-managed resource. If error 'cdevallocerr' occurs, 'devicedestroy' will free all associated resources, including 'voicesvcdev' leading to a double free...
CVE-2018-10632
Summary: CVE-2018-10632 affects Moxa NPort 5210, 5230, and 5232 (versions 2.9 build 17030709 and prior). The issue is uncontrolled resource consumption (resource exhaustion) caused by an attacker requesting excessive resources, resulting in a denial-of-service condition. The CVSSv3 base score is ...
5 Reasons Why AV Can’t Protect Your Data Center
Why are so many organizations lagging behind in performing security assessments of virtual assets in their datacenter? One contributing factor is the impact of virtualization on the datacenter has happened so quickly and organically, that products and processes haven’t kept up. Even now, there is...
Path traversal
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...
Spring Data Commons Denial of Service Vulnerability
Spring Data is a project module in the Spring Framework that provides access to the underlying data , Spring Data Commons is a shared base module . A denial of service vulnerability exists in Spring Data Commons. Because the Spring Data Commons module does not limit resource allocation when parsi...
The Sixth Question(s) Today’s CEOs Should Ask (& Know the Answers To)
In a previous blog, we discussed Commander’s Intent for CEOs and introduced 10 questions CEOs should be asking their teams. In this blog series, I am going to take a deeper dive into each question and break them down one at a time. We will discuss why CEOs should care about each question and the...
CVE-2017-1000411
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and...
10 Tips for Effective Threat Hunting
Editor’s Note: The text appears in the free eBook: “Threat Hunting for Dummies.” Consider the fact that attackers don’t think of their success as optional. Given that, effectiveness and success of a threat hunting program are critical. Organizations that start a threat hunting program have succes...
High Availability Failovers Due to Missed HA HeartBeats of NetScaler VPX on VMware ESX Hypervisor
NetScaler VPX on VMWare hypervisor High Availability failsover due to missed HA heartbeats. Note : This article only pertains to NetScaler VPX on VMWare hypervisor. Background Root cause of the HA failovers is missing heartbeats due to VPX scheduling issues on the VMware host. The NetScaler’s...
Design/Logic Flaw
The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service global kernel resource consumption by leveraging improper interaction between IPC resource allocation and the memory manager, aka internal bug 22300191, a different...