477 matches found
Cisco Identity Services Engine SSL Renegotiation Denial of Service Vulnerability
According to its self-reported version, Cisco Identity Services Engine Software is affected by a vulnerability in the web interface of Cisco Identity Services Engine (ISE) that could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The...
Debian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi mwifiex driver, which a local user could use to cause...
[SECURITY] [DLA 1823-1] linux security update
Package : linux Version : 3.16.68-2 CVE ID : CVE-2019-3846 CVE-2019-5489 CVE-2019-10126 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11810 CVE-2019-11833 CVE-2019-11884 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of...
Monero: Excessive Resource Usage
Summary: Unbounded resource usage due to opening one file descriptor per connection. The Python script below is effectively a threadbomb on the destination and uses all available memory on the server; clients not sending anything are never terminated. Steps To Reproduce: Up our daemon % monerod Check if...
CVE-2019-1718 Cisco Identity Services Engine SSL Renegotiation Denial of Service Vulnerability
A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. A...
Cisco Identity Services Engine SSL Renegotiation Denial of Service Vulnerability
A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. A...
A vulnerability in the event collection and analysis process of the IBM QRadar SIEM system is related to improper restriction of XML external entity references. This allows attackers to disclose sensitive information or consume memory resources.
A vulnerability in the IBM QRadar SIEM event collection and analysis system is related to improper restriction of XML external entity references. Exploiting this vulnerability could allow a malicious actor to disclose protected information or consume memory resources...
ImageMagick Denial of Service Vulnerability (CNVD-2018-16958)
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A denial of service vulnerability exists in ImageMagick version 7.0.8-11 Q16. An attacker can exploit this vulnerabili...
The vulnerability of the ReadDDSInfo function in the console-based image editing tool ImageMagick allows a hacker to cause a service failure.
The vulnerability of the ReadDDSInfo function in the coders/dds.c file of the console-based image editing tool ImageMagick is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Understanding Workspace Environment Management (WEM) System Optimization
The WEM System Optimization feature is a group of settings designed to dramatically lower resource usage on a VDA on which the WEM Agent is installed. These are machine-based settings that will apply to all user sessions. Managing Servers with different Hardware Configurations Sets of VMs may hav...
Wireshark epan/dissectors/packet-dcm.c file denial of service vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in the epan/dissectors/packet-dcm.c file in Wireshark...
CVE-2018-2378
In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption...
PT-2018-3004 · Expat +9
Name of the Vulnerable Software and Affected Versions: Expat versions prior to 2.2.7 Description: The issue is related to the XML parser in the Expat library, which can consume a high amount of RAM and CPU resources when processing XML input that includes XML names with a large number of colons...
samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks
A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory...
OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)
It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory...
CVE-2017-7007
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash)...
CVE-2017-1000359
Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...
Git jq JSON File Denial of Service Vulnerability
Git is a free, open source distributed version control system developed by American software developer Linus Torvalds. jq is a lightweight command-line JSON processor developed by software developer Stephen Dolan. Git 1.5 and earlier versions of jq have a security vulnerability that can be...
The vulnerability of the QEMU hardware emulation software, which allows a hacker to trigger a service failure
The vulnerability of the VNC websocket frame decoder in the hardware emulation software QEMU is related to resource management errors. Exploiting this vulnerability allows a malicious actor to cause service failures such as increased memory and computational resources usage by sending HTTP header...
Updated proftpd packages fix security vulnerabilities
Updated proftpd packages fix security vulnerability: Part of the SFTP handshake involves "extensions", which are key/value pairs, comprised of strings. In SSH, strings are encoded for network transport as a 32-bit length, followed by the bytes. The mod_sftp module currently places no bounds/length...