Lucene search
+L

488 matches found

Github Security Blog
Github Security Blog
added 2021/05/18 6:19 p.m.64 views

Denial of Service (DoS) in HashiCorp Consul

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. Specific Go Packages Affected github.com/hashicorp/consul/agent/consul...

7.5CVSS7.5AI score0.0201EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/05/18 6:19 p.m.17 views

GHSA-23JV-V6QJ-3FHH Denial of Service (DoS) in HashiCorp Consul

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. Specific Go Packages Affected github.com/hashicorp/consul/agent/consul...

7.5CVSS7.4AI score0.0201EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/04/06 12:0 a.m.9 views

The vulnerability of the dump_desc() function in the Tor browser, which allows a hacker to trigger a service failure

The vulnerability of the dumpdesc function in the Tor browser is related to a bug in the resource consumption control mechanism. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

7.5CVSS7.4AI score0.01672EPSS
Exploits0References7Affected Software3
CNNVD
CNNVD
added 2021/04/01 12:0 a.m.7 views

GitLab 资源管理错误漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. GitLab has a security vulnerability in versions after...

4.3CVSS5.6AI score0.01206EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/02/22 12:0 a.m.38 views

EulerOS 2.0 SP2 : spamassassin (EulerOS-SA-2021-1360)

According to the versions of the spamassassin package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain...

9.3CVSS6.6AI score0.07879EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/02/16 12:0 a.m.6 views

The vulnerability of the REST API implementation of Cisco Managed Services Accelerator allows a perpetrator to trigger a service failure.

The vulnerability of the REST API interface implementation of Cisco Managed Services Accelerator is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

4.3CVSS6.5AI score0.0114EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2021/01/19 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for spamassassin (EulerOS-SA-2021-1120)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.5AI score0.07234EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/31 3:53 p.m.41 views

Security Bulletin: IBM Cloud Pak System addressed vulnerabilities (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477)

Summary IBM Cloud Pak System identified vulnerabilities in SAN VC supporting products. IBM announced a new release for IBM Cloud Pak System in response to vulnerabilities. Vulnerability Details CVEID: CVE-2019-11477 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an...

7.8CVSS0.5AI score0.98745EPSS
Exploits4Affected Software1
Positive Technologies
Positive Technologies
added 2020/11/17 12:0 a.m.5 views

PT-2020-13495 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.6 through 13.3.8 Description: A potential DOS issue was discovered in GitLab CE/EE. The container registry name check could cause an exponential number of backtracks for certain user-supplied values, resulting in high...

4.3CVSS4.1AI score0.01416EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2020/11/12 12:0 a.m.36 views

Oracle Linux 8 : spamassassin (ELSA-2020-4625)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4625 advisory. - Fixed CVE-2018-11805 - Fixed CVE-2020-1930 - Fixed CVE-2020-1931 - Fix CVE-2019-12420 Tenable has extracted the preceding description block directly...

9.3CVSS6.8AI score0.07234EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/11/11 12:0 a.m.5 views

PT-2020-5886 · Openexr +4 · Openexr +4

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.0-beta Description: The issue is related to the implementation of the scanline input file functionality in the OpenEXR library, specifically in the ImfScanLineInputFile.cpp file. It involves an uncontrolled...

7.5CVSS5.9AI score0.01848EPSS
Exploits5References107
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/09 8:11 p.m.36 views

Security Bulletin: IBM API Connect V5 is vulnerable to denial of service (CVE-2019-11479)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11479 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size MSS. By sending specially-crafted MSS traffic, a remote attacker cou...

7.5CVSS1.6AI score0.9166EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2020/10/30 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for spamassassin (EulerOS-SA-2020-2272)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.9AI score0.07879EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/10/27 12:0 a.m.34 views

Amazon Linux 2 : spamassassin (ALAS-2020-1545)

The version of spamassassin installed on the remote host is prior to 3.4.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1545 advisory. In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as so...

7.5CVSS6.7AI score0.07234EPSS
Exploits0References3
Hacker One
Hacker One
added 2020/10/07 11:24 a.m.20 views

Kubernetes: Unsecured Grafana instance on https://monitoring.prow-canary.k8s.io/dashboards

Hi, I was looking at https://monitoring.prow-canary.k8s.io Grafana webapp. I'm not sure if it is for demo purposes, but I can access the main dashboard and view all graphs. https://monitoring.prow-canary.k8s.io/dashboards If indeed it is for demo purposes, please let me close the report myself...

7.1AI score
Exploits0
FreeBSD
FreeBSD
added 2020/09/23 12:0 a.m.40 views

dovecot-pigeonhole -- Sieve excessive resource usage

Dovecot team reports reports: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time...

4.3CVSS1.2AI score0.01968EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2020/08/18 12:0 a.m.4 views

In libexpat in Expat before 2.2.7 XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

...

7.8CVSS6.5AI score0.07107EPSS
Exploits1
Citrix
Citrix
added 2020/07/14 12:0 a.m.10 views

Collecting smaller Server-side Wireshark traces on PVS

PVS Wireshark traces can get very large and could use up a lot of resources. Here is a method that can be used to reduce the size of the traces and the impact on the PVS server. With the smaller trace file and lower impact, the trace can run longer and the resulting files are easier to handle...

7AI score
Exploits0
Prion
Prion
added 2020/07/01 3:15 p.m.17 views

Denial of service

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer SSL renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this...

5CVSS6AI score0.02161EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2020/06/11 6:50 a.m.3 views

nghttp2: overly large SETTINGS frames can lead to DoS

A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...

7.5CVSS7.2AI score0.05316EPSS
Exploits0References5
Rows per page
Query Builder