hw: Fast forward store predictor

A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...

tensorflowjs (>=1.5.2 <=1.7.4) potentially affected by CVE-2020-15206 via tensorflow-cpu (=2.1.0)

tensorflow-cpu PYPI version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - tensorflowjs =1.5.2, =1.7.4 Source cves: CVE-2020-15206 Source advisory: OSV:GHSA-W5GH-2WR2-PM6G...

CVE-2020-0955

An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'...

CVE-2020-11450

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been...

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

HTTP/2: request for large response leads to denial of service

A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server's...

CVE-2019-4183

IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973...

qt5-qtimageformats: QTgaFile CPU exhaustion

An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption...

hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer...

BSA-2018-740

Security Advisory ID : BSA-2018-740 Component : CPU featuring SMT Revision : 1.0: Initial A group a researchers has discover a new vulnerability being called PortSmash, impacting all CPUs that use a Simultaneous Multithreading SMT architecture. SMT is a technology that allows multiple computing...

Unspecified vulnerability in Linux kernel (CNVD-2018-16689)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions 4.17.2 and earlier, which stems from the page allocator not providing CPU resources to the oomlock mutex lock...

Intel Core Microprocessors Information Disclosure Vulnerability

Intel Core-based microprocessors are the Core family of central processing unit products CPUs from the U.S. company Intel. An information disclosure vulnerability exists in Intel Core-based microprocessors. An attacker could exploit this vulnerability to obtain values about other processes stored...

Multiple CPU Hardwares Information Disclosure Vulnerabilities

CPU hardware is the firmware that runs in the central processor to manage and control the CPU. An information disclosure vulnerability exists in multiple CPU Hardwares. The vulnerability arises due to a contention condition in CPU cache processing. A local attacker can exploit the vulnerability t...

UBUNTU-CVE-2017-15119

The Network Block Device NBD server in Quick Emulator QEMU before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from...

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the CPU performance module of Qualcomm ARM’s Android operating system is related to deficiencies in access control for certain functions. Exploiting this vulnerability can allow a local attacker to enhance their privileges through a specially created application...

Siemens SIMATIC S7-1500 Denial of Service Vulnerability (CNVD-2016-00931)

The Siemens SIMATIC S7-1500 is a controller family with a modular structure. A denial of service vulnerability exists in Siemens SIMATIC S7-1500 versions prior to 1.8.3 when processing specially crafted TCP packets. An attacker can exploit the vulnerability to cause the CPU to automatically reboo...

Cisco IronPort Email Security Appliance Denial of Service Vulnerability

The Cisco IronPort Email Security Appliance is an architectural multi-tier email security management tool. A denial of service vulnerability exists in the Cisco IronPort Email Security Appliance that could be exploited by an attacker to cause excessive CPU usage and launch a denial of service...

httpd: mod_deflate denial of service

A denial of service flaw was found in the way httpd's moddeflate module handled request body decompression configured via the "DEFLATE" input filter. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and C...

python: hash table collisions CPU usage DoS (oCERT-2011-003)

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application...