90 matches found
Stack overflow
Mikrotik RouterOs 6.44.5 long-term tree suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU...
CVE-2020-20213
Mikrotik RouterOs 6.44.5 long-term tree suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU...
CVE-2021-21439
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS...
RUSTSEC-2021-0041 Denial of service through parsing payloads with too big exponent
The parseduration::parse function allows for parsing duration strings with exponents like 5e5s where under the hood, the BigInt type along with the pow function are used for such payloads. Passing an arbitrarily big exponent makes the parseduration::parse function to process the payload for a ver...
Regular Expression Denial Of Service (ReDoS)
three is vulnerable to regular expression denial of service. The usage of an insecure regex in setStyle function in color.js allows an attacker to cause excessive consumption of CPU resources, potentially resulting in an application crash...
CVE-2020-27715
On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high 100% CPU utilization by the httpd daemon...
CVE-2020-7016
A flaw was found in kibana’s Timelion component. This flaw allows an attacker to construct a URL that can lead to the kibana process consuming large amounts of CPU and becoming unresponsive when viewed by a kibana user. The highest threat from this vulnerability is to system availability...
Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack
Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost’s server management infrastructure. Ghost is a free,...
UBUNTU-CVE-2019-11254
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
HTTP/2: flood using PRIORITY frames results in excessive resource consumption
A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...
nginx: Excessive CPU usage via flaw in HTTP/2 implementation
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngxhttpv2module not compiled by default if the 'http2' option of the 'listen' directive is used in a configuration file...
Monero: Malicious get_random_rct_outs.bin rpc can cause a near-infinite loop
Summary: An unsanitized getrandomrctouts.bin rpc request can cause the rpc handler to go into an effectively infinite-loop, peg the cpu, and block other requests from completing. Description: The rpc endpoint /getrandomrctouts.bin takes a uint64 outscount as input and will return that many random...
Nextcloud: WebDAV Empty Property search leads to full CPU usage
Tested with the following versions: - owncloud:10.0 - nextcloud:12.0 with mariadb in place. A PROFIND nextcloud/remote.php/webdav/ with xml as body causes full CPU utilization of one Apache worker process. in curl form: curl -i --user testuser:testpass -X PROPFIND -d ''...
BlackNurse Low-Volume DoS Attack Targets Firewalls
A type of denial of service attack relevant in the 1990s has resurfaced with surprising potency against modern-day firewalls. Dubbed a BlackNurse attack, the technique leverages a low-volume Internet Control Message Protocol ICMP -based attack on vulnerable firewalls made by Cisco, Palo Alto,...
Microsoft Windows 2000 Remote CPU-overload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1415/info Sending a stream of binary zeros to any one of a number of Windows 2000 ports can cause 100% CPU utilization. The ports that were found vulnerable include TCP ports 7, 9, 21, 23, 7778 and UDP ports 53, 67, 68,...
firefly media server (mt-daapd) 2.4.1 / svn 1699 - Multiple Vulnerabilities
No description provided by source. Luigi Auriemma Application: Firefly Media Server mt-daapd http://www.fireflymediaserver.org Versions: = 2.4.1 and SVN = 1699 Platforms: nix, Windows, Mac and others Bugs: A partial directory traversal on Windows B authentication bypass on Windows C duplicated HT...
Java floating-point value denial of service vulnerability Hazard Analysis-vulnerability warning-the black bar safety net
| By emptiness prodigal heart http://www.inbreak.net/ JAVA a vulnerability, the CVE-2 0 1 0-4 4 7 6, will result in a denial of service attack. Everyone from the Bulletin, to see such a piece of code, quite long. Meaning only the developers to write such code only on the server. We certainly will...
MyBB adodb_mktime()日期参数远程拒绝服务漏洞
CVE ID:CVE-2009-4448 MyBB是一款流行的基于PHP的论坛程序。 MyBB inc/functionstime.php文件中包含的adodbmktime函数在处理部分日期值时存在漏洞,攻击者提交包含超大的year参数值的报文就会触发大量循环,导致CPU负载过高造成拒绝服务攻击。 MyBB 1.4.10 用户可参考如下安全公告获得补丁信息: http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functionstime.php...
MDVA-2008:148 : pulseaudio
Some issues relating to thread cancellation have been discovered in the pulseaudio package shipped with Mandriva Linux 2009.0. These issues could result in the crash of an application acting as a pulseaudio client. This condition is greatly exacerbated when the client is unable to connect to the...
Mandriva Update for pulseaudio MDVA-2008:148 (pulseaudio)
Check for the Version of pulseaudio OpenVAS Vulnerability Test Mandriva Update for pulseaudio MDVA-2008:148 pulseaudio Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...