240 matches found
Denial Of Service
eap7-undertow is vulnerable to denial of service. The vulnerability exists due to a buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion...
Red Hat JBoss Enterprise Application Platform资源管理错误漏洞
Red Hat JBoss Enterprise Application Platform EAP is the United States Red Hat Red Hat company's set of open source , J2EE-based middleware platform. The platform is primarily used to build, deploy and host Java applications and services. A security vulnerability exists in Red Hat JBoss Enterpris...
undertow: buffer leak on incoming websocket PONG message may lead to DoS
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...
undertow: buffer leak on incoming websocket PONG message may lead to DoS
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...
RHEL 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.4 (RHSA-2021:3219)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:3219 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous...
CVE-2021-3690
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...
Information Disclosure
coturn is vulnerable to information disclosure. The STUN/TURN response buffer is not initialized properly and causes a leak of information between different client connections. An attacker is able to use their connection to intelligently query coturn to get interesting bytes in the padding bytes...
Samsung Mobile Device Buffer Overflow Vulnerability (CNVD-2020-33717)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. Samsung mobile device buffer overflow vulnerability can be exploited by an attacker to read data outside the rkp log buffer, resulting in an information leak...
The vulnerability of Intel processors lies in a leak in the store buffer for results of read operations from vector registers, which allows an attacker to disclose protected information.
The vulnerability of Intel processors is related to a buffer overflow issue in the store buffer, which handles results of read operations from vector registers. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the i5100_init_one handler in Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the i5100initone implementation drivers/edac/i5100edac.ko in the Linux kernel is related to a memory leak. Exploiting this vulnerability can allow an attacker to cause a system failure by disabling ADDI-DATA GmbH communication cards with the identifier PCIDEVICEIDINTEL510019...
undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests...
Uninitialized memory buffer leak in FortiOS explicit web proxy
An uninitialized memory buffer leak exists in FortiOS web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response...
Design/Logic Flaw
A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IP...
CVE-2018-0241
A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IP...
CVE-2018-0241
A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IP...
CVE-2018-0241
A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IP...
Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service Vulnerability
A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IP...
Junos OS: Mbuf leak due to processing MPLS packets in VPLS network.
A Junos device with VPLS routing-instances configured on one or more interfaces may be susceptible to an mbuf leak when processing a specific MPLS packet. Approximately 1 mbuf is leaked per each packet processed. The number of mbufs is platform dependent. The following command provides the number...
UBUNTU-CVE-2016-10011
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...
Проблемы со службой RunAs в Windows 2000 (privelege escalation)
Атакующий может подменить именованый канал службы чтобы перехватить логин и пароль пользователя. Кроме того, после выполнения приложения не производится очистка буфера памяти, что позволяет получить доступ к конфеденциальным данным. Имеется возможность DoS...