78 matches found
The vulnerability of the `create_worker_threads` method in the MariaDB database management system allows a hacker to cause a service failure.
The vulnerability of the createworkerthreads method in the MariaDB database management system exists due to improper cleanup or resource release. Exploiting this vulnerability can allow an attacker to cause service failures...
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads the held lock is not released correctly which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
...
MariaDB 安全漏洞
MariaDB is the database management system of the Mariadb Foundation and a version of the MySQL branch that uses the Maria storage engine. a denial of service vulnerability exists in versions of MariaDB Server prior to 10.7, which originates in extra/mariabackup/dscompress.cc, and can be exploited...
CVE-2019-9815
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...
EulerOS 2.0 SP2 : 389-ds-base (EulerOS-SA-2019-2369)
According to the versions of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different retu...
EulerOS 2.0 SP5 : 389-ds-base (EulerOS-SA-2019-1562)
According to the version of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most...
DEBIAN-CVE-2019-3883
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during...
Nameles - Open Source Entropy Based Invalid Traffic Detection And Pre-Bid Filtering
Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect at a high level of accuracy ad fraud and other types of invalid traffic such as web scraping. For a high level overview you might want to check out the website If you have any questions or...
CVE-2018-7998
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vipsregiongenerate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race conditi...
Oracle Linux 7 : 389-ds-base (ELSA-2016-0204)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-0204 advisory. - Resolves: bug 1299757 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS Tenable has extracted the preceding...
Apache Httpd < 2.4.20 : mod_http2: denial of service by thread starvation
By manipulating the flow control windows on streams, a client was able to block server threads for long times, causing starvation of worker threads. Connections could still be opened, but no streams where processed for these. This issue affected HTTP/2 support in 2.4.17 and 2.4.18...
Immunity Canvas: ADOBE_FLASH_DOMAINMEMORY_UAF
Name| adobeflashdomainMemoryuaf ---|--- CVE| CVE-2015-0313 Exploit Pack| CANVAS Description| adobeflashdomainMemoryuaf Notes| CVE Name: CVE-2015-0313 VENDOR: Adobe Notes: This module exploits a use-after free vulnerability on the Flash handling of the ApplicationDomain.currentDomain.domainMemory...
PYSEC-2010-33
Withdrawn as duplicate of PYSEC-2010-32 ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service crash of worker threads via vectors that trigger uncaught exceptions...
Code injection
ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service crash of worker threads via vectors that trigger uncaught exceptions...
Monkey HTTPd improper input validation vulnerability
census ID: census-2009-0004 URL: http://census-labs.com/news/2009/12/14/monkey-httpd/ CVE ID: Pending Affected Products: Monkey web server versions ? 0.9.2. Class: Improper Input Validation CWE-20, Incorrect Calculation CWE-682 Remote: Yes Discovered by: Patroklos Argyroudis We have discovered a...
Monkey Web Server Denial Of Service
census ID: census-2009-0004 URL: http://census-labs.com/news/2009/12/14/monkey-httpd/ CVE ID: Pending Affected Products: Monkey web server versions ≤ 0.9.2. Class: Improper Input Validation CWE-20, Incorrect Calculation CWE-682 Remote: Yes Discovered by: Patroklos Argyroudis We have discovered a...
CVE-1999-0723
The Windows NT Client Server Runtime Subsystem CSRSS can be subjected to a denial of service when all worker threads are waiting for user input...
CVE-1999-0723
The Windows NT Client Server Runtime Subsystem CSRSS can be subjected to a denial of service when all worker threads are waiting for user input...