Lucene search
K

1689 matches found

Talos
Talos
added 2019/08/19 12:0 a.m.40 views

Nest Labs Nest Cam IQ Indoor Weave TCP connection denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability...

7.8CVSS6.2AI score0.00673EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2019/08/06 1:43 a.m.48 views

Allocation of Resources Without Limits or Throttling in Apache Tika

A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later...

8.8CVSS2.4AI score0.0484EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2019/08/06 1:43 a.m.43 views

Allocation of Resources Without Limits or Throttling in Apache Tika

In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later...

6.5CVSS2AI score0.03699EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2019/06/14 5:29 p.m.22 views

CVE-2019-2259

Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W,...

10CVSS9.5AI score0.00935EPSS
Exploits0References1
Prion
Prion
added 2019/06/14 5:29 p.m.19 views

Design/Logic Flaw

Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W,...

10CVSS9.4AI score0.00935EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/06/14 5:2 p.m.24 views

CVE-2019-2259

Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W,...

9.5AI score0.00935EPSS
Exploits0References1
CVE
CVE
added 2019/06/14 5:2 p.m.222 views

CVE-2019-2259

CVE-2019-2259 refers to a resource allocation error that occurs when playing a video whose dimensions exceed the supported limit on Qualcomm Snapdragon platforms (including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, etc.). Affected family spans numerous Snapdrag...

10CVSS9.3AI score0.00935EPSS
Exploits0References1Affected Software1
Trend Micro Simply Security
Trend Micro Simply Security
added 2019/02/13 3:48 p.m.73 views

The Cloud in 2019: Current Uses and Emerging Risks

In the current tech landscape, one would be hard-pressed to find an organization that operates without the help of cloud environments and capabilities. From data storage and document sharing to enabling remote access and communication, the cloud represents the most critical linchpin of today's...

7.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2018/10/17 5:23 p.m.64 views

Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

7.5CVSS3.9AI score0.01969EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2018/10/17 5:23 p.m.28 views

GHSA-5Q8M-MQMX-PXP9 Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

7.5CVSS7.4AI score0.01969EPSS
Exploits0References7
NVD
NVD
added 2018/09/18 6:29 p.m.17 views

CVE-2018-11273

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, 'voicesvcdev' is allocated as a device-managed resource. If error 'cdevallocerr' occurs, 'devicedestroy' will free all associated resources, including 'voicesvcdev' leading to a double free...

7.8CVSS7.5AI score0.00191EPSS
Exploits0References4
CVE
CVE
added 2018/07/24 5:0 p.m.56 views

CVE-2018-10632

Summary: CVE-2018-10632 affects Moxa NPort 5210, 5230, and 5232 (versions 2.9 build 17030709 and prior). The issue is uncontrolled resource consumption (resource exhaustion) caused by an attacker requesting excessive resources, resulting in a denial-of-service condition. The CVSSv3 base score is ...

7.5CVSS7.5AI score0.01713EPSS
Exploits0References2Affected Software1
Carbon Black Blog
Carbon Black Blog
added 2018/05/17 5:0 p.m.50 views

5 Reasons Why AV Can’t Protect Your Data Center

Why are so many organizations lagging behind in performing security assessments of virtual assets in their datacenter? One contributing factor is the impact of virtualization on the datacenter has happened so quickly and organically, that products and processes haven’t kept up. Even now, there is...

0.5AI score
Exploits0
Prion
Prion
added 2018/04/18 4:29 p.m.19 views

Path traversal

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user or attacker can issue requests against Spring Data REST endpoints or endpoint...

5CVSS7.4AI score0.01969EPSS
Exploits0References3Affected Software2
CNVD
CNVD
added 2018/04/12 12:0 a.m.5 views

Spring Data Commons Denial of Service Vulnerability

Spring Data is a project module in the Spring Framework that provides access to the underlying data , Spring Data Commons is a shared base module . A denial of service vulnerability exists in Spring Data Commons. Because the Spring Data Commons module does not limit resource allocation when parsi...

7.5CVSS6.7AI score0.01969EPSS
Exploits0References1
Carbon Black Blog
Carbon Black Blog
added 2018/03/02 5:17 p.m.48 views

The Sixth Question(s) Today’s CEOs Should Ask (& Know the Answers To)

In a previous blog, we discussed Commander’s Intent for CEOs and introduced 10 questions CEOs should be asking their teams. In this blog series, I am going to take a deeper dive into each question and break them down one at a time. We will discuss why CEOs should care about each question and the...

6.5AI score
Exploits0
NVD
NVD
added 2018/01/31 2:29 p.m.29 views

CVE-2017-1000411

OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and...

7.5CVSS7.6AI score0.01602EPSS
Exploits0References2
Carbon Black Blog
Carbon Black Blog
added 2017/08/18 7:20 p.m.165 views

10 Tips for Effective Threat Hunting

Editor’s Note: The text appears in the free eBook: “Threat Hunting for Dummies.” Consider the fact that attackers don’t think of their success as optional. Given that, effectiveness and success of a threat hunting program are critical. Organizations that start a threat hunting program have succes...

6.6AI score
Exploits0
Citrix
Citrix
added 2016/10/07 12:0 a.m.8 views

High Availability Failovers Due to Missed HA HeartBeats of NetScaler VPX on VMware ESX Hypervisor

NetScaler VPX on VMWare hypervisor High Availability failsover due to missed HA heartbeats. Note : This article only pertains to NetScaler VPX on VMWare hypervisor. Background Root cause of the HA failovers is missing heartbeats due to VPX scheduling issues on the VMware host. The NetScaler’s...

7.3AI score
Exploits0
Prion
Prion
added 2016/01/06 7:59 p.m.29 views

Design/Logic Flaw

The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service global kernel resource consumption by leveraging improper interaction between IPC resource allocation and the memory manager, aka internal bug 22300191, a different...

7.8CVSS6.3AI score0.006EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder