291 matches found
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of serviceDoS attacks. A remote attacker could exploit the flaw in httpd's modhttp2 module to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams which leads to application crash...
www/varnish7 -- Denial of Service
The Varnish Development Team reports: A denial of service attack can be performed on Varnish Cacher servers that have the HTTP/2 protocol turned on. An attacker can let the servers HTTP/2 connection control flow window run out of credits indefinitely and prevent progress in the processing of...
shopify-scripts: Buffer overflow in yywarning_s
PoC === The following demonstrates a crash: 300000000000000000000000000000000000000000000000E0030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Debug...
py-twisted -- multiple vulnerabilities
Twisted developers reports: All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability. The HTTP/2 server implementation now enforces T...
CVE-2019-0112
Improper flow control in crypto routines for IntelR Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access...
Design/Logic Flaw
Improper flow control in crypto routines for IntelR Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access...
CVE-2019-0112
Improper flow control in crypto routines for IntelR Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access...
Design/Logic Flaw
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVMSETONREG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control with full register control. An attacker ca...
CVE-2018-18021
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVMSETONREG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control with full register control. An attacker ca...
BSA-2018-711
Security Advisory ID : BSA-2018-711 Component : Apache HTTPD Revision : 1.0: Final The Apache HTTP Server 2.4.17 and 2.4.18, when modhttp2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of servic...
CVE-2018-0332
A vulnerability in the Session Initiation Protocol SIP ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacke...
Race condition
A vulnerability in the Session Initiation Protocol SIP ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacke...
SUSE-SU-2018:1570-1 Security update for kernel-firmware
This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files to fix ethernet flow control vulnerability in SRIOV devices bsc1077355 - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by...
SUSE-SU-2018:1567-1 Security update for kernel-firmware
This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files for ethernet flow control vulnerability in SRIOV devices bsc1077355 - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by...
openSUSE Security Update : kernel-firmware (openSUSE-2018-262)
This update for kernel-firmware fixes the following issues : - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files to fix a ethernet flow control vulnerability in SRIOV devices bsc1077355 This update was imported from the SUSE:SLE-12-SP2:Update update project. %NASLMINLEVEL 70300 C Tenable Networ...
SUSE-SU-2018:0674-1 Security update for kernel-firmware
This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files to fix a ethernet flow control vulnerability in SRIOV devices bsc1077355...
SUSE-SU-2018:0671-1 Security update for kernel-firmware
This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files for ethernet flow control vulnerability in SRIOV devices bsc1077355...
CVE-2018-5501
In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control...
Design/Logic Flaw
In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control...
CVE-2018-5501
In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control...