488 matches found
Denial of Service (DoS) in HashiCorp Consul
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. Specific Go Packages Affected github.com/hashicorp/consul/agent/consul...
GHSA-23JV-V6QJ-3FHH Denial of Service (DoS) in HashiCorp Consul
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. Specific Go Packages Affected github.com/hashicorp/consul/agent/consul...
The vulnerability of the dump_desc() function in the Tor browser, which allows a hacker to trigger a service failure
The vulnerability of the dumpdesc function in the Tor browser is related to a bug in the resource consumption control mechanism. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
GitLab 资源管理错误漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. GitLab has a security vulnerability in versions after...
EulerOS 2.0 SP2 : spamassassin (EulerOS-SA-2021-1360)
According to the versions of the spamassassin package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain...
The vulnerability of the REST API implementation of Cisco Managed Services Accelerator allows a perpetrator to trigger a service failure.
The vulnerability of the REST API interface implementation of Cisco Managed Services Accelerator is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
Huawei EulerOS: Security Advisory for spamassassin (EulerOS-SA-2021-1120)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Cloud Pak System addressed vulnerabilities (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477)
Summary IBM Cloud Pak System identified vulnerabilities in SAN VC supporting products. IBM announced a new release for IBM Cloud Pak System in response to vulnerabilities. Vulnerability Details CVEID: CVE-2019-11477 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an...
PT-2020-13495 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.6 through 13.3.8 Description: A potential DOS issue was discovered in GitLab CE/EE. The container registry name check could cause an exponential number of backtracks for certain user-supplied values, resulting in high...
Oracle Linux 8 : spamassassin (ELSA-2020-4625)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4625 advisory. - Fixed CVE-2018-11805 - Fixed CVE-2020-1930 - Fixed CVE-2020-1931 - Fix CVE-2019-12420 Tenable has extracted the preceding description block directly...
PT-2020-5886 · Openexr +4 · Openexr +4
Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.0-beta Description: The issue is related to the implementation of the scanline input file functionality in the OpenEXR library, specifically in the ImfScanLineInputFile.cpp file. It involves an uncontrolled...
Security Bulletin: IBM API Connect V5 is vulnerable to denial of service (CVE-2019-11479)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11479 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size MSS. By sending specially-crafted MSS traffic, a remote attacker cou...
Huawei EulerOS: Security Advisory for spamassassin (EulerOS-SA-2020-2272)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : spamassassin (ALAS-2020-1545)
The version of spamassassin installed on the remote host is prior to 3.4.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1545 advisory. In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as so...
Kubernetes: Unsecured Grafana instance on https://monitoring.prow-canary.k8s.io/dashboards
Hi, I was looking at https://monitoring.prow-canary.k8s.io Grafana webapp. I'm not sure if it is for demo purposes, but I can access the main dashboard and view all graphs. https://monitoring.prow-canary.k8s.io/dashboards If indeed it is for demo purposes, please let me close the report myself...
dovecot-pigeonhole -- Sieve excessive resource usage
Dovecot team reports reports: Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU time...
In libexpat in Expat before 2.2.7 XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
...
Collecting smaller Server-side Wireshark traces on PVS
PVS Wireshark traces can get very large and could use up a lot of resources. Here is a method that can be used to reduce the size of the traces and the impact on the PVS server. With the smaller trace file and lower impact, the trace can run longer and the resulting files are easier to handle...
Denial of service
IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer SSL renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this...
nghttp2: overly large SETTINGS frames can lead to DoS
A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...