Lucene search
K

479 matches found

Tenable Nessus
Tenable Nessus
added 2020/11/12 12:0 a.m.36 views

Oracle Linux 8 : spamassassin (ELSA-2020-4625)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4625 advisory. - Fixed CVE-2018-11805 - Fixed CVE-2020-1930 - Fixed CVE-2020-1931 - Fix CVE-2019-12420 Tenable has extracted the preceding description block directly...

9.3CVSS6.8AI score0.07234EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/11/11 12:0 a.m.5 views

PT-2020-5886 · Openexr +4 · Openexr +4

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.0-beta Description: The issue is related to the implementation of the scanline input file functionality in the OpenEXR library, specifically in the ImfScanLineInputFile.cpp file. It involves an uncontrolled...

7.5CVSS5.9AI score0.01848EPSS
Exploits5References107
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/09 8:11 p.m.36 views

Security Bulletin: IBM API Connect V5 is vulnerable to denial of service (CVE-2019-11479)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11479 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size MSS. By sending specially-crafted MSS traffic, a remote attacker cou...

7.5CVSS1.6AI score0.9166EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2020/10/30 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for spamassassin (EulerOS-SA-2020-2272)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.9AI score0.07879EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/10/27 12:0 a.m.33 views

Amazon Linux 2 : spamassassin (ALAS-2020-1545)

The version of spamassassin installed on the remote host is prior to 3.4.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1545 advisory. In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as so...

7.5CVSS6.7AI score0.07234EPSS
Exploits0References3
Hacker One
Hacker One
added 2020/10/07 11:24 a.m.20 views

Kubernetes: Unsecured Grafana instance on https://monitoring.prow-canary.k8s.io/dashboards

Hi, I was looking at https://monitoring.prow-canary.k8s.io Grafana webapp. I'm not sure if it is for demo purposes, but I can access the main dashboard and view all graphs. https://monitoring.prow-canary.k8s.io/dashboards If indeed it is for demo purposes, please let me close the report myself...

7.1AI score
Exploits0
FreeBSD
FreeBSD
added 2020/09/23 12:0 a.m.38 views

dovecot-pigeonhole -- Sieve excessive resource usage

Dovecot team reports reports: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time...

4.3CVSS1.2AI score0.01968EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2020/08/18 12:0 a.m.4 views

In libexpat in Expat before 2.2.7 XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

...

7.8CVSS6.5AI score0.07107EPSS
Exploits1
Citrix
Citrix
added 2020/07/14 12:0 a.m.8 views

Collecting smaller Server-side Wireshark traces on PVS

PVS Wireshark traces can get very large and could use up a lot of resources. Here is a method that can be used to reduce the size of the traces and the impact on the PVS server. With the smaller trace file and lower impact, the trace can run longer and the resulting files are easier to handle...

7AI score
Exploits0
Prion
Prion
added 2020/07/01 3:15 p.m.16 views

Denial of service

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer SSL renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this...

5CVSS6AI score0.02161EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2020/06/11 6:50 a.m.1 views

nghttp2: overly large SETTINGS frames can lead to DoS

A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...

7.5CVSS7.2AI score0.05316EPSS
Exploits0References5
OSV
OSV
added 2020/05/13 4:15 p.m.3 views

CVE-2020-9501

Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in...

5.5CVSS6.1AI score0.00321EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/04/23 12:0 a.m.6 views

The vulnerability of the crwimage_int.cpp component in the Exiv2 metadata management library allows a attacker to cause a service failure.

The vulnerability of the crwimageint.cpp component in the Exiv2 metadata management library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

4.3CVSS6.6AI score0.0235EPSS
Exploits1References12Affected Software5
BDU FSTEC
BDU FSTEC
added 2020/03/26 12:0 a.m.7 views

The vulnerability of the SSH daemon on the RouterOS operating system of MikroTik allows a hacker to cause a service failure.

The vulnerability of the SSH daemon on the RouterOS operating system of MikroTik routers is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures by using system calls like connect and write...

7.8CVSS7.2AI score0.02594EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2020/03/05 7:1 p.m.5 views

envoy: Incorrect Access Control when using SDS with Combined Validation Context

An access control bypass vulnerability was found in envoy. When the same TLS secret is used across multiple resources, the client's data, such as the subject alternative name or hash, is not validated. This flaw could lead to a possible bypass of security restrictions...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/03/05 12:0 a.m.24 views

Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability

A denial of service DoS vulnerability exists in Cisco MDS 9000 Series Multilayer Switch due to improper resource usage control. An unauthenticated, remote attacker can exploit this issue, via sending traffic to the management interface mgmt0, to cause the system to stop responding. Please see the...

8.6CVSS7.9AI score0.01631EPSS
Exploits0References4
NVD
NVD
added 2020/02/26 5:15 p.m.14 views

CVE-2020-3175

A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper resource usage control. An...

8.6CVSS8.5AI score0.01631EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/02/24 12:0 a.m.4 views

The vulnerability of the Server:DDL component of the Oracle MySQL database management system allows a hacker to cause a service failure.

The vulnerability of the Server:DDL component of the Oracle MySQL database management system is related to an uncontrolled consumption of system resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

6.5CVSS7AI score0.03103EPSS
Exploits0References4Affected Software2
0day.today
0day.today
added 2020/02/03 12:0 a.m.143 views

BearFTP 0.1.0 - (PASV) Denial of Service Exploit

Exploit Title: BearFTP 0.1.0 - 'PASV' Denial of Service Exploit Author: kolya5544 Vendor Homepage: http://iktm.me/ Software Link: https://github.com/kolya5544/BearFTP/releases Version: v0.0.1 - v0.1.0 Tested on: Ubuntu 18.04 CVE : CVE-2020-8416 static void Mainstring args Console.WriteLine"DoS...

7.5CVSS7.6AI score0.14206EPSS
Exploits5
OSV
OSV
added 2020/01/31 1:15 p.m.15 views

CVE-2020-7218

HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3...

7.5CVSS6.8AI score
Exploits0References2
Rows per page
Query Builder