479 matches found
Oracle Linux 8 : spamassassin (ELSA-2020-4625)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4625 advisory. - Fixed CVE-2018-11805 - Fixed CVE-2020-1930 - Fixed CVE-2020-1931 - Fix CVE-2019-12420 Tenable has extracted the preceding description block directly...
PT-2020-5886 · Openexr +4 · Openexr +4
Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.0-beta Description: The issue is related to the implementation of the scanline input file functionality in the OpenEXR library, specifically in the ImfScanLineInputFile.cpp file. It involves an uncontrolled...
Security Bulletin: IBM API Connect V5 is vulnerable to denial of service (CVE-2019-11479)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11479 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size MSS. By sending specially-crafted MSS traffic, a remote attacker cou...
Huawei EulerOS: Security Advisory for spamassassin (EulerOS-SA-2020-2272)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : spamassassin (ALAS-2020-1545)
The version of spamassassin installed on the remote host is prior to 3.4.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1545 advisory. In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as so...
Kubernetes: Unsecured Grafana instance on https://monitoring.prow-canary.k8s.io/dashboards
Hi, I was looking at https://monitoring.prow-canary.k8s.io Grafana webapp. I'm not sure if it is for demo purposes, but I can access the main dashboard and view all graphs. https://monitoring.prow-canary.k8s.io/dashboards If indeed it is for demo purposes, please let me close the report myself...
dovecot-pigeonhole -- Sieve excessive resource usage
Dovecot team reports reports: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time...
In libexpat in Expat before 2.2.7 XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
...
Collecting smaller Server-side Wireshark traces on PVS
PVS Wireshark traces can get very large and could use up a lot of resources. Here is a method that can be used to reduce the size of the traces and the impact on the PVS server. With the smaller trace file and lower impact, the trace can run longer and the resulting files are easier to handle...
Denial of service
IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer SSL renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this...
nghttp2: overly large SETTINGS frames can lead to DoS
A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...
CVE-2020-9501
Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in...
The vulnerability of the crwimage_int.cpp component in the Exiv2 metadata management library allows a attacker to cause a service failure.
The vulnerability of the crwimageint.cpp component in the Exiv2 metadata management library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the SSH daemon on the RouterOS operating system of MikroTik allows a hacker to cause a service failure.
The vulnerability of the SSH daemon on the RouterOS operating system of MikroTik routers is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures by using system calls like connect and write...
envoy: Incorrect Access Control when using SDS with Combined Validation Context
An access control bypass vulnerability was found in envoy. When the same TLS secret is used across multiple resources, the client's data, such as the subject alternative name or hash, is not validated. This flaw could lead to a possible bypass of security restrictions...
Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability
A denial of service DoS vulnerability exists in Cisco MDS 9000 Series Multilayer Switch due to improper resource usage control. An unauthenticated, remote attacker can exploit this issue, via sending traffic to the management interface mgmt0, to cause the system to stop responding. Please see the...
CVE-2020-3175
A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper resource usage control. An...
The vulnerability of the Server:DDL component of the Oracle MySQL database management system allows a hacker to cause a service failure.
The vulnerability of the Server:DDL component of the Oracle MySQL database management system is related to an uncontrolled consumption of system resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
BearFTP 0.1.0 - (PASV) Denial of Service Exploit
Exploit Title: BearFTP 0.1.0 - 'PASV' Denial of Service Exploit Author: kolya5544 Vendor Homepage: http://iktm.me/ Software Link: https://github.com/kolya5544/BearFTP/releases Version: v0.0.1 - v0.1.0 Tested on: Ubuntu 18.04 CVE : CVE-2020-8416 static void Mainstring args Console.WriteLine"DoS...
CVE-2020-7218
HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3...