1907 matches found
CVE-2017-7063
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service memory consumption and application crash...
OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)
It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory...
OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)
It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak...
OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)
It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory...
My first working week with Opera Reborn
So, last Monday I changed my Chrome to the new Opera. It was an experiment to feel how is it “really” different from Chrome. I should mention before writing this post two important things about my background: 1. I was an Opera user since 2003 to 2010 and then moved to Chrome because of the many...
High memory usage UPM
There is high memory usage of process userProfileManager.exe on all servers after upgrading to UPM 5.7...
CVE-2017-4903
CVE-2017-4903 corresponds to an uninitialized stack memory usage in SVGA affecting VMware products. Affected: ESXi 6.5 and older 6.x/5.5 builds listed as without patches (e.g., ESXi650-201703410-SG; ESXi600-201703401-SG; ESXi600-201703403-SG; ESXi600-201703402-SG; ESXi550-201703401-SG); Workstati...
[SECURITY] Fedora 24 Update: lxterminal-0.3.0-3.fc24
LXterminal is a VTE-based terminal emulator with support for multiple tabs. It is completely desktop-independent and does not have any unnecessary dependencies. In order to reduce memory usage and increase the performance all instances of the terminal are sharing a single process...
OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...
PT-2017-18030 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions through 7.1.4 Description: The issue allows attackers to cause a denial of service via operations on long strings, resulting in memory consumption and application crash. The vendor disputes this, stating that GMP safely aborts in...
Debian DSA-3828-1 : dovecot - security update
It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the 'dict' passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through varexpand to perform %variable expansion. Sending specially crafted %variable...
CVE-2017-2669
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...
elfintils 'elf_compress.c' file denial of service vulnerability
elfutils is a collection of utilities and libraries for reading, creating and modifying ELF binaries. A denial of service vulnerability exists in the elfcompress.c file in elfutils version 0.168. A remote attacker can exploit this vulnerability to cause a denial of service memory consumption with...
Debian Security Advisory DSA 3828-1 (dovecot - security update)
It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the dict passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through varexpand to perform %variable expansion. Sending specially crafted %variable...
VMSA-2017-0006 : VMware ESXi, Workstation and Fusion updates address critical and moderate security issues
a. ESXi, Workstation, Fusion SVGA memory corruption ESXi, Workstation, Fusion have a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest to execute code on the host. VMware would like to thank ZDI and Team 360 Security from Qihoo for reporting these...
How to Configure Multi-Monitor Support on the Linux VDA
Table of Contents Overview Virtual session desktop Virtual session desktop size Allowing for different client monitor configurations Understanding memory usage on the Linux VDA Citrix multi-monitor configuration parameters MaxScreenNum MaxFbWidth MaxFbHeight Changing the Linux VDA multi-monitor...
openSUSE Security Update : libass (openSUSE-2016-1442)
This update for libass fixes the following issues : - Fixed situations that could cause uninitialised memory to be used, leading to undefined behaviour. boo1002982, CVE-2016-7969, CVE-2016-7972 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
nghttp2: Denial of service
Background Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C. Description Nghttpd, nghttp, and libnghttp2asio applications do not limit the memory usage for the incoming HTTP header field. If a peer sends a specially crafted HTTP/2 HEADERS frame and CONTINUATI...
GLSA-201612-13 : nghttp2: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201612-13 nghttp2: Denial of Service Nghttpd, nghttp, and libnghttp2asio applications do not limit the memory usage for the incoming HTTP header field. If a peer sends a specially crafted HTTP/2 HEADERS frame and CONTINUATION fram...
CVE-2015-8978
In Soap Lite aka the SOAP::Lite extension for Perl 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copie...