Lucene search
K

291 matches found

Veracode
Veracode
added 2019/05/02 6:10 a.m.27 views

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of serviceDoS attacks. A remote attacker could exploit the flaw in httpd's modhttp2 module to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams which leads to application crash...

5.9CVSS5.7AI score0.15327EPSS
Exploits0References40Affected Software1
FreeBSD
FreeBSD
added 2019/04/19 12:0 a.m.27 views

www/varnish7 -- Denial of Service

The Varnish Development Team reports: A denial of service attack can be performed on Varnish Cacher servers that have the HTTP/2 protocol turned on. An attacker can let the servers HTTP/2 connection control flow window run out of credits indefinitely and prevent progress in the processing of...

7.5CVSS6.8AI score0.70595EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/04/11 2:44 p.m.19 views

shopify-scripts: Buffer overflow in yywarning_s

PoC === The following demonstrates a crash: 300000000000000000000000000000000000000000000000E0030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Debug...

0.8AI score
Exploits0
FreeBSD
FreeBSD
added 2019/03/01 12:0 a.m.50 views

py-twisted -- multiple vulnerabilities

Twisted developers reports: All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability. The HTTP/2 server implementation now enforces T...

9.8CVSS0.2AI score0.87806EPSS
Exploits4References1
NVD
NVD
added 2019/02/18 5:29 p.m.15 views

CVE-2019-0112

Improper flow control in crypto routines for IntelR Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access...

4.4CVSS5.4AI score0.0045EPSS
Exploits0References3
Prion
Prion
added 2019/02/18 5:29 p.m.14 views

Design/Logic Flaw

Improper flow control in crypto routines for IntelR Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access...

2.1CVSS5.2AI score0.0045EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/02/18 5:0 p.m.14 views

CVE-2019-0112

Improper flow control in crypto routines for IntelR Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access...

4.5AI score0.0045EPSS
Exploits0References3
Prion
Prion
added 2018/10/07 6:29 a.m.26 views

Design/Logic Flaw

arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVMSETONREG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control with full register control. An attacker ca...

3.6CVSS6.4AI score0.0057EPSS
Exploits0References13Affected Software3
Debian CVE
Debian CVE
added 2018/10/07 6:0 a.m.36 views

CVE-2018-18021

arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVMSETONREG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control with full register control. An attacker ca...

7.1CVSS7.1AI score0.0057EPSS
Exploits0
Broadcom
Broadcom
added 2018/10/02 12:0 a.m.7 views

BSA-2018-711

Security Advisory ID : BSA-2018-711 Component : Apache HTTPD Revision : 1.0: Final The Apache HTTP Server 2.4.17 and 2.4.18, when modhttp2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of servic...

5.9CVSS8.1AI score0.15327EPSS
Exploits0
NVD
NVD
added 2018/06/07 9:29 p.m.13 views

CVE-2018-0332

A vulnerability in the Session Initiation Protocol SIP ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacke...

7.5CVSS7.4AI score0.0348EPSS
Exploits0References3
Prion
Prion
added 2018/06/07 9:29 p.m.15 views

Race condition

A vulnerability in the Session Initiation Protocol SIP ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacke...

5CVSS7.4AI score0.0348EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2018/06/07 11:43 a.m.9 views

SUSE-SU-2018:1570-1 Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files to fix ethernet flow control vulnerability in SRIOV devices bsc1077355 - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by...

8.6CVSS6.6AI score0.74041EPSS
Exploits9References5
OSV
OSV
added 2018/06/07 11:43 a.m.7 views

SUSE-SU-2018:1567-1 Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files for ethernet flow control vulnerability in SRIOV devices bsc1077355 - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by...

8.6CVSS6.5AI score0.74041EPSS
Exploits9References5
Tenable Nessus
Tenable Nessus
added 2018/03/16 12:0 a.m.30 views

openSUSE Security Update : kernel-firmware (openSUSE-2018-262)

This update for kernel-firmware fixes the following issues : - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files to fix a ethernet flow control vulnerability in SRIOV devices bsc1077355 This update was imported from the SUSE:SLE-12-SP2:Update update project. %NASLMINLEVEL 70300 C Tenable Networ...

8.6CVSS6.5AI score0.02429EPSS
Exploits0References2
OSV
OSV
added 2018/03/14 4:1 p.m.9 views

SUSE-SU-2018:0674-1 Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files to fix a ethernet flow control vulnerability in SRIOV devices bsc1077355...

8.6CVSS8.4AI score0.02429EPSS
Exploits0References3
OSV
OSV
added 2018/03/14 4:0 p.m.7 views

SUSE-SU-2018:0671-1 Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files for ethernet flow control vulnerability in SRIOV devices bsc1077355...

8.6CVSS8.5AI score0.02429EPSS
Exploits0References3
OSV
OSV
added 2018/03/01 4:29 p.m.1 views

CVE-2018-5501

In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control...

5.9CVSS5.8AI score0.01409EPSS
Exploits0References2
Prion
Prion
added 2018/03/01 4:29 p.m.20 views

Design/Logic Flaw

In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control...

4.3CVSS5.8AI score0.01409EPSS
Exploits0References2Affected Software13
Cvelist
Cvelist
added 2018/03/01 4:0 p.m.23 views

CVE-2018-5501

In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control...

5.7AI score0.01409EPSS
Exploits0References2
Rows per page
Query Builder