596 matches found

Prion
added 2013/09/25 10:31 a.m., 18 views

Design/Logic Flaw

The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation...

CVSS 5, AI score 6.9, EPSS 0.01232
Exploits 0, References 1, Affected Software 1
Cvelist
added 2013/09/25 10:0 a.m., 30 views

CVE-2013-5750

The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation...

AI score 6.4, EPSS 0.01232
Exploits 0, References 1
Mageia
added 2013/09/19 9:45 a.m., 47 views

Updated python-django package fixes multiple vulnerabilities

Updated python-django package fixes security vulnerabilities: Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWED_INCLUDE_ROOTS' setting, used to...

CVSS 5, AI score 0.7, EPSS 0.03182
Exploits 3, References 4
Tenable Nessus
added 2013/07/12 12:0 a.m., 27 views

Oracle Linux 5 : xorg-x11-server (ELSA-2010-0382)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2010-0382 advisory. 1.1.1-48.76.0.1.el55.1 - Added oracle-enterprise-detect.patch - Replaced 'Red Hat' in spec file 1.1.1-48.76.1 - xserver-1.1.1-mod-macro-parens.patch: Fix...

CVSS 7.1, AI score 5.5, EPSS 0.05351
Exploits 1, References 2
Fedora
added 2013/06/12 2:34 a.m., 23 views

[SECURITY] Fedora 18 Update: kajongg-4.10.4-1.fc18

Kajongg is the ancient Chinese board game for 4 players. Kajongg can be used in two different ways: Scoring a manual game where you play as always and use Kajongg for the computation of scores and for bookkeeping. Or you can use Kajongg to play against any combination of other human players or...

CVSS 8.4, AI score 1.6, EPSS 0.00558
Exploits 1
Exploit DB
added 2013/06/07 12:0 a.m., 38 views

Microsoft Internet Explorer - textNode Use-After-Free (MS13-037) (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "MS13-037 Microsof...

CVSS 9.3, AI score 7, EPSS 0.20699
Exploits 8
Tenable Nessus
added 2013/04/14 12:0 a.m., 29 views

FreeBSD : FreeBSD -- Network ACL mishandling in mountd(8) (87261557-a450-11e2-9898-001060e06fd4)

While parsing the exports(5) table, a network mask in the form of '-network=netname/prefixlength' results in an incorrect network mask being computed if the prefix length is not a multiple of 8. For example, specifying the ACL for an export as '-network 192.0.2.0/23' would result in a netmask of...

CVSS 4.3, AI score 5.3, EPSS 0.01282
Exploits 0, References 2
NVD
added 2012/11/28 1:3 p.m., 33 views

CVE-2012-5370

JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal...

CVSS 5, AI score 6.1, EPSS 0.02249
Exploits 0, References 6
Prion
added 2012/11/28 1:3 p.m., 22 views

Design/Logic Flaw

Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal...

CVSS 5, AI score 6.9, EPSS 0.01941
Exploits 1, References 5
Prion
added 2012/11/28 1:3 p.m., 28 views

Design/Logic Flaw

JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal...

CVSS 5, AI score 6.5, EPSS 0.0436
Exploits 1, References 6
Cvelist
added 2012/11/28 11:0 a.m., 43 views

CVE-2012-5370

JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal...

AI score 6, EPSS 0.02249
Exploits 0, References 6
Cvelist
added 2012/11/28 11:0 a.m., 39 views

CVE-2012-2739

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an...

AI score 8.5, EPSS 0.0317
Exploits 1, References 8
Prion
added 2012/10/05 9:55 p.m., 27 views

Code injection

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application...

CVSS 5, AI score 6.5, EPSS 0.0506
Exploits 3, References 18, Affected Software 1
Debian CVE
added 2012/10/05 9:0 p.m., 26 views

CVE-2012-1150

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application...

CVSS 5, AI score 8.2, EPSS 0.0506
Exploits 3
OpenVAS
added 2012/08/09 12:0 a.m., 28 views

RedHat Update for openldap RHSA-2012:1151-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 4.3, AI score 8.8, EPSS 0.04114
Exploits 0, References 2
Tenable Nessus
added 2012/08/01 12:0 a.m., 25 views

Scientific Linux Security Update : gdb on SL4 i386/x86_64

Various buffer overflows and underflows were found in the DWARF expression computation stack in GDB. If a user loaded an executable containing malicious debugging information into GDB, an attacker might be able to execute arbitrary code with the privileges of the user. CVE-2006-4146 %NASLMINLEVEL...

CVSS 5.1, AI score 6.1, EPSS 0.03227
Exploits 0, References 2
UbuntuCve
added 2012/02/22 12:0 a.m., 26 views

CVE-2012-0841

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data...

CVSS 5, AI score 7.2, EPSS 0.0326
Exploits 0, References 3
Amazon
added 2012/01/19 12:0 a.m., 32 views

Important: ruby

Issue Overview: Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table...

CVSS 7.8, AI score 7.5, EPSS 0.04246
Exploits 2
UbuntuCve
added 2012/01/08 12:55 a.m., 31 views

CVE-2011-5055

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE:...

CVSS 5, AI score 5.9, EPSS 0.01577
Exploits 0, References 2
Cvelist
added 2012/01/08 12:0 a.m., 61 views

CVE-2011-5055

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE:...

AI score 6.4, EPSS 0.01577
Exploits 0, References 4