Wireshark 3.2.x < 3.2.13 A Vulnerability
The version of Wireshark installed on the remote Windows host is prior to 3.2.13. It is, therefore, affected by a vulnerability as referenced in the wireshark-3.2.13 advisory. - Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of servi...
Wireshark 3.4.x < 3.4.5 A Vulnerability
The version of Wireshark installed on the remote Windows host is prior to 3.4.5. It is, therefore, affected by a vulnerability as referenced in the wireshark-3.4.5 advisory. - Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service...
Wireshark 3.4.x < 3.4.5 A Vulnerability (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.4.5. It is, therefore, affected by a vulnerability as referenced in the wireshark-3.4.5 advisory. - Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial o...
Regular Expression Denial Of Service (ReDoS)
xstream is vulnerable to regular expression denial of service. A remote attacker is able to occupy a thread that consumes excessive CPU resources for a long period of time...
CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
Design/Logic Flaw
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
CVE-2021-27291
A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denyin...
NewStart CGSL MAIN 6.02 : expat Multiple Vulnerabilities (NS-SA-2021-0083)
The remote NewStart CGSL host, running version MAIN 6.02, has expat packages installed that are affected by multiple vulnerabilities: - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and...
Security Bulletin: IBM MQ Appliance is affected by libexpat vulnerabilities (CVE-2018-20843, CVE-2019-15903)
Summary IBM MQ Appliance has resolved libexpat vulnerabilities. Vulnerability Details CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit th...
Wireshark 3.4.x < 3.4.3 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 3.4.3. It is, therefore, affected by vulnerabilities as referenced in the wireshark-3.4.3 advisory. - The USB HID dissector could leak memory. It may be possible to make Wireshark consume excessive CPU resources by injectin...
IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.17 / 9.0.0.0 < 9.0.5.1 Multiple Vulnerabilities (964768)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities as follows: - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while...
Security Bulletin: Potential Denial of Service security vulnerability in Rational Synergy (CVE-2011-4461)
Summary Potential Denial of Service (DoS) security vulnerability in IBM Rational Synergy due to a Java HashTable security vulnerability in Jetty CVE-2011-4461. Vulnerability Details...
[ASA-202012-19] gdk-pixbuf2: denial of service
Arch Linux Security Advisory ASA-202012-19. Severity: Medium; Date: 2020-12-09; CVE-ID: CVE-2020-29385; Package: gdk-pixbuf2; Type: denial of service; Remote: No; Link: https://security.archlinux.org/AVG-1328. Summary: The package gdk-pixbuf2 before...
[ASA-202012-20] lib32-gdk-pixbuf2: denial of service
Arch Linux Security Advisory ASA-202012-20. Severity: Medium; Date: 2020-12-09; CVE-ID: CVE-2020-29385; Package: lib32-gdk-pixbuf2; Type: denial of service; Remote: No; Link: https://security.archlinux.org/AVG-1329. Summary: The package...
Denial Of Service (DoS)
wireshark is vulnerable to denial of service. It is possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file...
Oracle Linux 8 : expat (ELSA-2020-4484)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4484 advisory. 2.2.5-4 - add security fixes for CVE-2018-20843, CVE-2019-15903 Tenable has extracted the preceding description block directly from the Oracle Linux...
Security Bulletin: A vulnerability in SSL implementation affects IBM SPSS Statistics Server
Summary Client initiated Renegotiation could lead to weak encrypted communication, therefore client initiated renegotiation should be disabled. Vulnerability Details CVEID: CVE-2011-1473 DESCRIPTION: Multiple implementations of the Transport Layer Security TLS protocol, including SSL, are...
Security Bulletin: CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan
Summary CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan Vulnerability Details CVEID: CVE-2009-2625 DESCRIPTION: Sun Java Runtime Environment JRE is vulnerable to a denial of service, caused by an error in Apache Xerces2 Java. A remote...
Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM App Connect Enterprise V11
Summary IBM App Connect Enterprise V11 ships with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/...