Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Identity Governance (CVE-2016-8610 CVE-2017-3731)

Summary There are multiple security vulnerabilities in various components used by IBM Security Identity Governance and Intelligence regarding OpenSSL Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: The SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processi...

Security Bulletin: Vulnerability in Apache POI affects IBM Emptoris Services Procurement (CVE-2017-5644)

Summary Open Source Apache Poi vulnerability affects IBM Emptoris Services Procurement Vulnerability Details CVE-ID: CVE-2017-5644 Description: Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection XXE error when processing XML data. By using a specially-craft...

Security Bulletin: IBM® DB2® LUW is affected by the JSON-C vulnerability (CVE-2013-6371)

Summary IBM® DB2® LUW is affected by a denial of service vulnerability in JavaScript Object Notation JSON-C, caused by an error in the hash function during string parsing. A remote, unauthorized user could exploit this vulnerability to consume all available CPU resources. Vulnerability Details CV...

Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache POI vulnerabilities (CVE-2017-5644, CVE-2016-5000, CVE-2014-3574)

Summary IBM OpenPages GRC Platform has addressed potential security exposure due to multiple vulnerabilities in Apache POI library. Vulnerability Details CVE-ID: CVE-2017-5644 Description: Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection XXE error when...

Wireshark epan/dissectors/packet-thrift.c file denial of service vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in the epan/dissectors/packet-thrift.c file in Wireshark...

ArGoSoft Mini Mail Server 1.0.0.2 Denial Of Service

!/usr/bin/env python coding: utf-8 Description: The vulnerability was discovered during a vulnerability research lecture. Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources memory consumption via unspecified vectors...

CVE-2017-15223

Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources memory consumption via unspecified vectors, possibly triggering an infinite loop...

Denial of service

Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources memory consumption via unspecified vectors, possibly triggering an infinite loop...

CVE-2017-15223

Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources memory consumption via unspecified vectors, possibly triggering an infinite loop...

CVE-2017-15223

Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources memory consumption via unspecified vectors, possibly triggering an infinite loop...

CVE-2017-15223

The CVE-2017-15223 entry applies to ArGoSoft Mini Mail Server 1.0.0.2 and earlier, describing a remote denial-of-service that wastes CPU/memory resources via unspecified vectors, potentially triggering an infinite loop. Connected sources corroborate a DoS vulnerability in this software and note p...

ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service

ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service !/usr/bin/env python coding: utf-8 Description: The vulnerability was discovered during a vulnerability research lecture. Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU...

Design/Logic Flaw

Apache Subversion's moddontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory...

CVE-2016-8734

Apache Subversion's moddontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory...

CVE-2016-8734

Apache Subversion's moddontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory...

CVE-2016-8734

Apache Subversion's moddontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory...

CVE-2016-8734

Apache Subversion's moddontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory...

Wireshark Security Updates (wnpa-sec-2017-46_wnpa-sec-2017-45) - Windows

Wireshark is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"; ifdescripti...

Wireshark 2.2.x < 2.2.8 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.8 advisory. - In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust...

KLA11072 Multiple vulnerabilities in Wireshark

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause a denial of service. Below is a complete list of vulnerabilities: 1. Multiple unspecified vulnerabilities in the AMQP and MQ dissectors can be exploited remotely via a special...