164 matches found
CVE-2020-28009
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because getstdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow multiple days...
CVE-2020-26414
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string...
Input validation
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string...
CVE-2020-26414
Removed by vendor...
Ruby on Rails: Regular expression denial of service in ActiveRecord's PostgreSQL Money type
Summary Hello team! The regular expressions used in the Money type to convert strings like -$100,000.00 to 100000 have an execution time with a quadratic growth proportional to the length of the string. Causing the denial of service requires very long strings but if the parameter is in a post bod...
Denial Of Service (DoS)
PHP is vulnerable to denial of service (DoS). The vulnerability exists because of an integer signedness issue in the PHP zip extension. An attacker could use a specially-crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit i...
Virtual Desktops 7.15 CU3 - On Studio - Machine catalogs, keeps spinning for long time and never displays the list of the machines.
Virtual Desktops 7.15 CU3 - On Studio - Machine catalogs, keeps spinning for a long time and never displays the list of the machines. As per the CDF logs uploaded, exceptions were found related to communication for Get-ProvTask execution. 261057,0,2019/03/18 13:19:16:45184,6716,2288,1,Xendesktop...
Information disclosure
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time...
CVE-2018-3691
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time...
Intel® Integrated Performance Primitives Cryptography Library Update
Summary: Some implementations in Intel® Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. - 4.7 Medium CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: Intel® Integrated Performance Primitives Cryptograph...
Dump Active Directory Domain Information: goddi
goddi (go dump domain info) dumps domain users, groups, domain controllers, and more in CSV output, and it runs on Windows and Linux. Functionality: StartTLS and TLS (tls.Client func) connections supported. Connections over TLS are default. All output goes to CSVs and are created in /csv/ in the curren...
Safari Browser: Memory corruption in Array concat (CVE-2017-2464)
There is an out-of-bounds memcpy in Array.concat that can lead to memory corruption. In builtins/ArrayPrototype.js, the function concatSlowPath calls a native method @appendMemcpy with a parameter resultIndex that is handled unsafely by the method. It calls JSArray::appendMemcpy, which calculates...
CVE-2016-9850
An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 ar...
Design/Logic Flaw
An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 ar...
Username rule matching issues
PMASA-2016-61. Announcement-ID: PMASA-2016-61. Date: 2016-11-25. Updated: 2016-12-06. Summary: Username rule matching issues. Description: A vulnerability in username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution tim...