1879 matches found
[SECURITY] Fedora 24 Update: lxterminal-0.3.0-3.fc24
LXterminal is a VTE-based terminal emulator with support for multiple tabs. It is completely desktop-independent and does not have any unnecessary dependencies. In order to reduce memory usage and increase the performance all instances of the terminal are sharing a single process...
OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML documents. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...
PT-2017-18030 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions through 7.1.4 Description: The issue allows attackers to cause a denial of service via operations on long strings, resulting in memory consumption and application crash. The vendor disputes this, stating that GMP safely aborts in...
Debian DSA-3828-1 : dovecot - security update
It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the 'dict' passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through varexpand to perform %variable expansion. Sending specially crafted %variable...
CVE-2017-2669
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...
elfutils 'elf_compress.c' file denial of service vulnerability
elfutils is a collection of utilities and libraries for reading, creating and modifying ELF binaries. A denial of service vulnerability exists in the elfcompress.c file in elfutils version 0.168. A remote attacker can exploit this vulnerability to cause a denial of service (memory consumption) with...
Debian Security Advisory DSA 3828-1 (dovecot - security update)
It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the dict passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through varexpand to perform %variable expansion. Sending specially crafted %variable...
VMSA-2017-0006 : VMware ESXi, Workstation and Fusion updates address critical and moderate security issues
a. ESXi, Workstation, Fusion SVGA memory corruption ESXi, Workstation, Fusion have a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest to execute code on the host. VMware would like to thank ZDI and Team 360 Security from Qihoo for reporting these...
How to Configure Multi-Monitor Support on the Linux VDA
Table of Contents Overview Virtual session desktop Virtual session desktop size Allowing for different client monitor configurations Understanding memory usage on the Linux VDA Citrix multi-monitor configuration parameters MaxScreenNum MaxFbWidth MaxFbHeight Changing the Linux VDA multi-monitor...
openSUSE Security Update : libass (openSUSE-2016-1442)
This update for libass fixes the following issues: - Fixed situations that could cause uninitialised memory to be used, leading to undefined behaviour. boo1002982, CVE-2016-7969, CVE-2016-7972...
nghttp2: Denial of service
Background Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C. Description Nghttpd, nghttp, and libnghttp2asio applications do not limit the memory usage for the incoming HTTP header field. If a peer sends a specially crafted HTTP/2 HEADERS frame and CONTINUATI...
GLSA-201612-13 : nghttp2: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201612-13 nghttp2: Denial of Service Nghttpd, nghttp, and libnghttp2asio applications do not limit the memory usage for the incoming HTTP header field. If a peer sends a specially crafted HTTP/2 HEADERS frame and CONTINUATION fram...
CVE-2015-8978
In Soap Lite aka the SOAP::Lite extension for Perl 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copie...
CPU/Memory usage of some servers shows blank in XenCenter
CPU/Memory usage of some servers shows blank in XenCenter...
Things that have to be mentioned about Python vulnerability mining - vulnerability warning - the black bar safety net
Foreword: Python's unique convenience for developing larger, more complex applications has made it more and more indispensable in computing environments. Although its obvious readability and ease of use allow software engineers a...
The vulnerability of the Android operating system, which allows a hacker to trigger a service failure
The vulnerability in the Android operating system's media server relates to the lack of restrictions on memory usage by the process. Exploiting this vulnerability allows a malicious actor to cause service interruptions (device freezing and reboots) by using a specially crafted media file...
CVE-2016-3754
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448...
Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016
On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection...
[SECURITY] Fedora 24 Update: nginx-1.10.1-1.fc24
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...