1881 matches found
CVE-2020-35875
CVE-2020-35875 affects the Rust crate tokio-rustls (before 0.13.1). The root cause is that tokio-rustls does not call process_new_packets immediately after read, causing wants_read to always return true and allowing data to accumulate in memory when data arrives faster than it is processed. This ...
Rust Security Vulnerabilities
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust tokio-rustls crate before 0.13.1, which stems from the possibility of excessive memory usage when data arrives quickly...
RHEL 7 : java-1.7.1-ibm (RHSA-2020:5586)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5586 advisory. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IB...
OPENSUSE-SU-2020:2268-1 Security update for clamav
This update for clamav fixes the following issues: clamav was updated to the new major release 0.103.0 (jsc#ECO-3010, bsc#1118459). Note that libclamav was changed incompatibly; if you have a third-party application that uses libclamav, it needs to be rebuilt. Update to 0.103.0: clamd can now reload the...
OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
tika: excessive memory usage in PSDParser
A flaw was found in Apache Tika’s PSDParser, where a carefully crafted or corrupt PSD file can cause excessive memory usage. The highest threat from this vulnerability is to system availability...
CVE-2020-29485
An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are...
Information disclosure
An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are...
CVE-2020-29487
An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one R...
CVE-2020-29485
CVE-2020-29485 concerns Xen 4.6–4.14.x where, on XS_RESET_WATCHES, Xenstored’s tracking information is not fully freed in the Ocaml Xenstored implementation, allowing unbounded memory growth and a system-wide DoS. The vulnerability affects hosts using the Ocaml Xenstored; the C Xenstored implemen...
oxenstored memory leak in reset_watches
ISSUE DESCRIPTION: When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. IMPACT: A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. VULNERABLE SYSTEMS: All versions of Xen since 4.6 are vulnerable. Only systems using the Ocaml...
XAPI: guest-triggered excessive memory usage
ISSUE DESCRIPTION: Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time...
SUSE-SU-2020:3729-1 Security update for clamav
This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. -...
HackerOne: Denial Of Service (Out Of Memory) on Updating Bounty Table [Urgent]
Hello, Summary: There is a bug in Updating Bounty Table section causing Denial Of Service, specifically loading up the memory usage Out Of Memory. This happens when you visit a corrupted bounty table of a target program. I didn't figure out yet how this issue happened but I am reporting it now...
Node.js: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
Summary: Node.js http2 server is vulnerable against denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new...
MGASA-2020-0418 Updated java-1.8.0-openjdk packages fix security vulnerabilities
High memory usage during deserialization of Proxy class with many interfaces. CVE-2020-14779 Credentials sent over unencrypted LDAP connection. CVE-2020-14781 Certificate blacklist bypass via alternate certificate encodings. CVE-2020-14782 Integer overflow leading to out-of-bounds access...
Connection Quality Indicator
Connection Quality Indicator Created: Feb 15, 2017 Updated: Oct 16, 2024 SHA 256 Checksum: c79d1dfdfe50b1386a334b4d78f78ced25eb61b8091a2bc8b33f9d9b9014dbd2 Please provide feedback or enhancement requests at https://forms.gle/TwWrKPT6J8u7GdKA6. Description The Connection Quality Indicator CQI is a...