1907 matches found
CVE-2015-8978
In Soap Lite aka the SOAP::Lite extension for Perl 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copie...
CPU/Memory usage of some servers shows blank in XenCenter
CPU/Memory usage of some servers shows blank in XenCenter...
On Python vulnerabilities mining those have to mention the thing-vulnerability warning-the black bar safety net
! Foreword Python because of its in the development of larger, more complex application aspects of the unique convenience, so that it in a computer environment becomes more and more indispensable. Although its obvious speech intelligibility and the use friendliness allows the software engineers a...
The vulnerability of the Android operating system, which allows a hacker to trigger a service failure
The vulnerability of the Android operating system’s media server relates to the lack of restrictions on memory usage by the process. Exploiting this vulnerability allows a malicious actor to cause service interruptions device freezing and reboots by using a specially crafted media file...
CVE-2016-3754
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 28615448...
Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016
On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection...
[SECURITY] Fedora 24 Update: nginx-1.10.1-1.fc24
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[SECURITY] Fedora 23 Update: nginx-1.8.1-3.fc23
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)
It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...
Critical: java-1.8.0-openjdk
Issue Overview: It was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions...
OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)
It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...
The vulnerability of the Ruby on Rails software platform, which allows a hacker to trigger a service failure
The vulnerability in the actionpack/lib/actiondispatch/routing/routeset.rb file of the Action Pack component in the Ruby on Rails software framework is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions e.g., memory...
The vulnerability of the Network Security Services library allows a perpetrator to trigger a service failure or exert other effects.
The vulnerability of the ssl3HandleECDHServerKeyExchange function in the Network Security Services library is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause service failures or other effects when establishing an SSL connection...
Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks
Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=763 The LZMA specification says the following about the memory usage of decompression: "The size of the probability model counter arrays is calculated with the...
Mozilla Firefox Denial of Service Vulnerability (CNVD-2016-01722)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 45.0 for Linux-based platforms. A remote attacker can exploit this vulnerability to cause a denial of service memory...
VLC media player handles wma file memory corruption vulnerability
VLC media player is a well-known multimedia player that can play video and audio in many formats and is highly used. A denial of service vulnerability exists in the VLC media player software when processing wma format files, which allows attackers to exploit the vulnerability to construct malform...
nghttp2: denial of service
HTTP/2 uses HPACK to compress header fields. The basic idea is that HTTP header field is stored in the receiver with the numeric index number. The memory used by this storage is tightly constrained, and it is 4KiB by default. When sender sends the same header field, it just sends the correspondin...
[SECURITY] Fedora 22 Update: nginx-1.8.1-1.fc22
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[SECURITY] Fedora 23 Update: nginx-1.8.1-1.fc23
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)
It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...