1879 matches found
CVE-2017-15130
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart...
CVE-2017-15130
A denial of service flaw was found in dovecot. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart...
Fedora 26 : qt5-qtwebengine (2018-c0d3db441f)
This update updates QtWebEngine to the 5.10.1 bugfix and security release. QtWebEngine 5.10.1 is part of the Qt 5.10.1 release, but only the QtWebEngine component is included in this update. This update includes : - Security fixes from Chromium up to version 64.0.3282.140. Including:...
Fedora 27 : qt5-qtwebengine (2018-e08d828ed9)
This update updates QtWebEngine to the 5.10.1 bugfix and security release. QtWebEngine 5.10.1 is part of the Qt 5.10.1 release, but only the QtWebEngine component is included in this update. This update includes : - Security fixes from Chromium up to version 64.0.3282.140. Including:...
Unidesk 2.X: Health Status: High Swap Memory Usage
In the Unidesk Management Console, you might see "Needs Attention" as the status on one or another of your appliances, and if you click the i info button, you will see "High swap memory usage." If you have e-mail notification turned on, you will get e-mailed when the condition is triggered. High...
Slack: Information leakage and default open port
@freem0 found Prometheus plugin output that was exposed at one of our servers. The information exposed included some OS information metrics about memory usage, but no customer data was at risk and no exploit was possible. Thank you @freem0!...
OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)
It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory...
pidusage command injection vulnerability
pidusage is a cross-platform tool for monitoring CPU and memory usage. A command injection vulnerability exists in pidusage 1.1.4 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary commands...
Mouse Offset Behavior During Multiple ICA Session in Receiver for Windows and Windows (Store)
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. Attempting to run multiple ICA sessions simultaneously may cause high memory and Disk I/O activity,...
DEBIAN-CVE-2017-15298
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to...
The scrypt parameters
The recommended scrypt parameters in the Go docs were recently brought up for discussion given they haven't changed since 2009. Even if at this point I memorized the three numbers N=16384, r=8, p=1 I only have a vague understanding of their meaning, so I took some time to read the scrypt paper. It...
samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks
A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory...
The vulnerability of the cine_read_header function in the FFmpeg multimedia library allows an attacker to trigger memory consumption and service failure.
The vulnerability of the cine_read_header function in the FFmpeg multimedia library is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to induce memory consumption and service failures by using a specially created CINE file. This file requires a larg...
The vulnerability of the GNU Patch software tool for Unix-based operating systems, such as Ubuntu, Fedora, and the Linux distribution Mageia, allows a hacker to cause a service failure by using a specially created diff file.
The vulnerability of the GNU Patch software tool for Unix-based operating systems, such as Ubuntu, Fedora, and the Linux distribution Mageia, is related to resource management errors (memory consumption). Exploiting this vulnerability allows a malicious actor to cause service failures memory...
DEBIAN-CVE-2017-14223
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would...
DEBIAN-CVE-2017-14222
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would...
ALPINE-CVE-2017-14222
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would...
DEBIAN-CVE-2017-14158
Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by...
The vulnerability of the Android CAF-release operating system, related to resource management errors, allows attackers to exploit excessive memory usage.
The vulnerability of the Android CAF-release operating system is related to resource management errors. Exploiting this vulnerability allows a remote attacker to utilize excessive memory during file loading...