3625 matches found
CVE-2017-11343
CHICKEN Scheme versions up to 4.12.0 are vulnerable to an algorithmic complexity attack due to an incomplete fix for CVE-2012-6125. The issue arises from crafted input causing O(n) symbol-table lookups. The Fedora advisory FEDORA-2017-76ce091a43 provides a fix for CVE-2017-11343 (referenced in th...
CVE-2017-11343
Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in On lookup time...
CVE-2017-11343
Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in On lookup time...
PT-2017-11944 · Chicken +1 · Chicken Scheme +1
Name of the Vulnerable Software and Affected Versions: CHICKEN Scheme versions prior to 4.12.1 Description: The issue is related to an incomplete fix for a previous problem, which allows an algorithmic complexity attack. An attacker can provide crafted input that, when inserted into the symbol...
Legal Robot: Password complexity not evenly enforced
A security researcher discovered that our password complexity requirements were not properly enforced during account registration, as they were during password reset. Minor issue but i appreciate the response time, It's really nice working with @danrubins , his very good and humble attitude is mu...
CVE-2016-10396
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in...
Design/Logic Flaw
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in...
CVE-2016-10396
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in...
CVE-2016-10396
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in...
CVE-2016-10396
CVE-2016-10396 affects IPsec-Tools 0.8.2’s racoon daemon. A remote attacker can exhaust the remote endpoint’s resources by repeatedly sending ISAKMP fragment packets in a specific order, triggering a worst-case computational complexity in fragment reassembly (DoS). The NVD CVSSv3 base score is 7....
CVE-2016-10396
Removed by vendor...
Barracuda WAF V360 Firmware 8.0.1.014 Grub Password Complexity
KL-001-2017-012 : Barracuda WAF Grub Password Complexity Title: Barracuda WAF Grub Password Complexity Advisory ID: KL-001-2017-012 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-012.txt 1. Vulnerability Details Affected Vendor: Barracuda...
CVE-2016-10396
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in...
UBUNTU-CVE-2016-10396
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in...
Denial Of Service (DoS)
Moodle is vulnerable to denial of service DoS attacks. A malicious user can use the advanced-search feature on a database to cause a algorithmic complexity attack, leading to the service being unavailable...
Apache Commons Fileupload 1.3.1 DOS(CVE-2016-3092)-vulnerability warning-the black bar safety net
Last year the commons-fileupload official announcements Commons Fileupload of a security vulnerability CVE-2016-3092, in the Commons FileUpload 1.3.2 repair. because at that time the security components use the Commons FileUpload 1.3.1 release, so with a bit of this vulnerability. Shortly before...
Reducing Infrastructure Cost with new Enterprise Application Access Architecture
In an earlier blog, "Remote Access no longer needs to be Complex and Cumbersome", I wrote about the new game-changing remote access solution available from Akamai called Enterprise Application Access EAA. My thesis was that in our cloud-first, mobile-dominated world, providing access to...
Yelp: Weak Password Policy
Summary your website allowing users to set their password to simple, at this time, i can set my password to 123456 Determine the resistance of the application against brute force password guessing using available password dictionaries by evaluating the length, complexity, reuse and aging...
Internet Bug Bounty: CVE-2017-8798 - miniupnp getHTTPResponse chunked encoding integer signedness error
Integer signedness error in miniupnpc 1 allows remote attackers to cause a denial of service condition access violation and heap corruption via specially crafted HTTP response An integer signedness error was found in miniupnp's miniwget allowing an unauthenticated remote entity typically located ...
Oracle E-Business Suite 12.2.3 - 'IESFOOTPRINT' SQL Injection
Application: Oracle E-Business Suite Versions Affected: Oracle EBS 12.2.3 Vendor URL: http://oracle.com Bug: SQL injection Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Dmitry Chastuhin ERPScan Description 1. ADVISORY...