CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/104976 http://www.securitytracker.com/id/1041424 http://www.securitytracker.com/id/1041434 https://access.redhat.co • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-2746
https://notcve.org/view.php?id=CVE-2017-2746
Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service. Se han identificado vulnerabilidades de seguridad potenciales con HP JetAdvantage Security Manager en versiones anteriores a la 3.0.1. Las vulnerabilidades podrían explotarse para permitir Cross-Site Scripting (XSS) persistente, que permitiría que un hacker cree una denegación de servicio (DoS). • https://support.hp.com/us-en/document/c05639510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2745
https://notcve.org/view.php?id=CVE-2017-2745
Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser. Se han identificado vulnerabilidades de seguridad potenciales con HP JetAdvantage Security Manager en versiones anteriores a la 3.0.1. La vulnerabilidad podría explotarse para permitir Cross-Site Scripting (XSS) persistente, que permitiría que un hacker ejecute scripts en el navegador de un usuario. • https://support.hp.com/us-en/document/c05639510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-14358
https://notcve.org/view.php?id=CVE-2017-14358
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. Vulnerabilidad de redirección de URL a un sitio no fiable en HP ArcSight ESM y HP ArcSight ESM Express, en cualquier versión 6.x anterior a la 6.9.1c Patch 4 o versión 6.11.0 Patch 1. Esta vulnerabilidad podría explotarse de forma remota para permitir una redirección de URL a un sitio no fiable. • https://softwaresupport.hpe.com/km/KM02996760 https://www.auscert.org.au/bulletins/54166 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2017-14356
https://notcve.org/view.php?id=CVE-2017-14356
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. Vulnerabilidad de inyección SQL en HP ArcSight ESM y HP ArcSight ESM Express, en cualquier versión 6.x anterior a la 6.9.1c Patch 4 o versión 6.11.0 Patch 1. Esta vulnerabilidad podría explotarse de forma remota para permitir una inyección SQL. • http://www.securityfocus.com/bid/101627 https://softwaresupport.hpe.com/km/KM02996760 https://www.auscert.org.au/bulletins/54166 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •