Lucene search
K

1907 matches found

OSV
OSV
added 2017/07/20 4:29 p.m.3 views

CVE-2017-7063

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service memory consumption and application crash...

7.5CVSS7.3AI score0.02772EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/07/20 4:16 p.m.6 views

OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)

It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory...

5.3CVSS7.3AI score0.0345EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/07/20 4:16 p.m.4 views

OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)

It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak...

6.5CVSS7.3AI score0.02862EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/07/20 3:59 p.m.6 views

OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)

It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory...

5.3CVSS7.3AI score0.0345EPSS
Exploits0References4
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2017/06/20 4:10 a.m.27 views

My first working week with Opera Reborn

So, last Monday I changed my Chrome to the new Opera. It was an experiment to feel how is it “really” different from Chrome. I should mention before writing this post two important things about my background: 1. I was an Opera user since 2003 to 2010 and then moved to Chrome because of the many...

6.8AI score
Exploits0
Citrix
Citrix
added 2017/06/20 12:0 a.m.6 views

High memory usage UPM

There is high memory usage of process userProfileManager.exe on all servers after upgrading to UPM 5.7...

7.1AI score
Exploits0
CVE
CVE
added 2017/06/07 6:0 p.m.112 views

CVE-2017-4903

CVE-2017-4903 corresponds to an uninitialized stack memory usage in SVGA affecting VMware products. Affected: ESXi 6.5 and older 6.x/5.5 builds listed as without patches (e.g., ESXi650-201703410-SG; ESXi600-201703401-SG; ESXi600-201703403-SG; ESXi600-201703402-SG; ESXi550-201703401-SG); Workstati...

8.8CVSS8.6AI score0.0041EPSS
Exploits0References4Affected Software3
Fedora
Fedora
added 2017/05/30 9:28 p.m.21 views

[SECURITY] Fedora 24 Update: lxterminal-0.3.0-3.fc24

LXterminal is a VTE-based terminal emulator with support for multiple tabs. It is completely desktop-independent and does not have any unnecessary dependencies. In order to reduce memory usage and increase the performance all instances of the terminal are sharing a single process...

7.8CVSS1.1AI score0.00334EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2017/04/20 7:27 p.m.6 views

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

7.1CVSS7.3AI score0.03311EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2017/04/19 12:0 a.m.5 views

PT-2017-18030 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions through 7.1.4 Description: The issue allows attackers to cause a denial of service via operations on long strings, resulting in memory consumption and application crash. The vendor disputes this, stating that GMP safely aborts in...

7.5CVSS8.7AI score0.0174EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2017/04/12 12:0 a.m.28 views

Debian DSA-3828-1 : dovecot - security update

It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the 'dict' passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through varexpand to perform %variable expansion. Sending specially crafted %variable...

7.5CVSS6AI score0.0464EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2017/04/11 5:18 a.m.28 views

CVE-2017-2669

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...

7.5CVSS3.5AI score0.0464EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/11 12:0 a.m.4 views

elfintils 'elf_compress.c' file denial of service vulnerability

elfutils is a collection of utilities and libraries for reading, creating and modifying ELF binaries. A denial of service vulnerability exists in the elfcompress.c file in elfutils version 0.168. A remote attacker can exploit this vulnerability to cause a denial of service memory consumption with...

5.5CVSS9AI score0.01641EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2017/04/10 12:0 a.m.26 views

Debian Security Advisory DSA 3828-1 (dovecot - security update)

It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the dict passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through varexpand to perform %variable expansion. Sending specially crafted %variable...

0.4AI score0.0464EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/03/30 12:0 a.m.220 views

VMSA-2017-0006 : VMware ESXi, Workstation and Fusion updates address critical and moderate security issues

a. ESXi, Workstation, Fusion SVGA memory corruption ESXi, Workstation, Fusion have a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest to execute code on the host. VMware would like to thank ZDI and Team 360 Security from Qihoo for reporting these...

8.8CVSS7.5AI score0.01204EPSS
Exploits3References5
Citrix
Citrix
added 2017/01/18 12:0 a.m.9 views

How to Configure Multi-Monitor Support on the Linux VDA

Table of Contents Overview Virtual session desktop Virtual session desktop size Allowing for different client monitor configurations Understanding memory usage on the Linux VDA Citrix multi-monitor configuration parameters MaxScreenNum MaxFbWidth MaxFbHeight Changing the Linux VDA multi-monitor...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/12/13 12:0 a.m.23 views

openSUSE Security Update : libass (openSUSE-2016-1442)

This update for libass fixes the following issues : - Fixed situations that could cause uninitialised memory to be used, leading to undefined behaviour. boo1002982, CVE-2016-7969, CVE-2016-7972 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

7.5CVSS7AI score0.05186EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2016/12/05 12:0 a.m.49 views

nghttp2: Denial of service

Background Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C. Description Nghttpd, nghttp, and libnghttp2asio applications do not limit the memory usage for the incoming HTTP header field. If a peer sends a specially crafted HTTP/2 HEADERS frame and CONTINUATI...

3.3CVSS2.4AI score0.00886EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/12/05 12:0 a.m.41 views

GLSA-201612-13 : nghttp2: Denial of Service

The remote host is affected by the vulnerability described in GLSA-201612-13 nghttp2: Denial of Service Nghttpd, nghttp, and libnghttp2asio applications do not limit the memory usage for the incoming HTTP header field. If a peer sends a specially crafted HTTP/2 HEADERS frame and CONTINUATION fram...

3.3CVSS6.8AI score0.00886EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/11/22 5:59 p.m.23 views

CVE-2015-8978

In Soap Lite aka the SOAP::Lite extension for Perl 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copie...

7.5CVSS7.1AI score0.01555EPSS
Exploits0References2
Rows per page
Query Builder