Security Bulletin: Potential denial of service in WebSphere Application Server Admin Console affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4080)
Summary There is a potential denial of service in WebSphere Application Server Admin Console which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). Vulnerability Details CVEID: CVE-2019-4080 DESCRIPTION: IBM WebSphere Application Server Admin Console is vulnerable to a...
Juniper Networks Junos OS Resource Management Error Vulnerability (CNVD-2022-05431)
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS has a resource management error vulnerability that originates from Juniper Networks Junos kernel...
IBM WebSphere Application Server 7.x <= 7.0.0.45 / 8.x <= 8.0.0.15 / 8.5.x < 8.5.5.21 / 9.x < 9.0.5.11 DoS
The IBM WebSphere Application Server running on the remote host is 7.x through 7.0.0.45, 8.x through 8.0.0.15, 8.5.x prior to 8.5.5.21, or 9.x prior to 9.0.5.11. It is, therefore, affected by a denial of service vulnerability. This is triggered by sending a specially-crafted request. A remote...
GHSA-86WF-436M-H424 Resource Exhaustion Denial of Service in http-proxy-agent
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
Wireshark 3.6.x < 3.6.1 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 3.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.6.1 advisory. - Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted...
CVE-2021-38951
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405...
Inefficient Regular Expression Complexity in nltk/nltk
Description nltk is vulnerable to ReDoS attack because of ^-?0-9+.0-9+?$ regex. If attacker succeeds to use malicious payload against RegexpTagger used in function getpostagger and maltregextagger, it will cause a nasty DoS. Proof of Concept // PoC.py import re, time pattern =...
Security Bulletin: Apache CXF as used by IBM QRadar SIEM is vulnerable to denial of service (DOS) (CVE-2021-30468)
Summary Apache CXF as used by IBM QRadar SIEM is vulnerable to denial of service Vulnerability Details CVEID: CVE-2021-30468 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by an infinite loop flaw in the JsonMapObjectReaderWriter function. By sending a specially-crafted JSON...
CVE-2021-34741 Cisco Email Security Appliance Denial of Service Vulnerability
A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of...
Cisco Email Security Appliance Denial of Service Vulnerability
A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of...
Security Bulletin: Vulnerability in Kernel affects Power Hardware Management Console (CVE-2018-5391)
Summary Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the reassembly of fragmented IPv4 and IPv6 packets by the IP implementation. By sending specially crafted IP fragments with random offsets, a remote attacker could exploit this vulnerability to exhaust a...
Denial Of Service (DoS)
bindata is vulnerable to denial of service. Certain classes in BinData are created very slowly. When combined with constantize, a potential denial of service condition can occur due to excessive consumption of CPU resources...
[ASA-202106-57] pigeonhole: denial of service
Arch Linux Security Advisory ASA-202106-57 ========================================== Severity: Medium Date : 2021-06-22 CVE-ID : CVE-2020-28200 Package : pigeonhole Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2088 Summary ======= The package pigeonhole before...
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in libexpat
Summary IBM Bootable Media Creator (BoMC) has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote...
Eclipse Jetty DoS Vulnerability (GHSA-26vr-8j45-3r4w) - Linux
Eclipse Jetty is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...
[ASA-202106-25] python-urllib3: denial of service
Arch Linux Security Advisory ASA-202106-25 ========================================== Severity: Medium Date : 2021-06-09 CVE-ID : CVE-2021-33503 Package : python-urllib3 Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2038 Summary ======= The package python-urllib3...
Security Bulletin: IBM DataPower Gateway is affected by Denial of Service vulnerabilities
Summary IBM DataPower Gateway has addressed the following vulnerabilities: CVE-2019-9513 CVE-2019-9511 Vulnerability Details CVEID: CVE-2019-9513 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and...
Wireshark 3.2.x < 3.2.13 A Vulnerability (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.2.13. It is, therefore, affected by a vulnerability as referenced in the wireshark-3.2.13 advisory. - Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial...