Page 62 of 1963 results (0.010 seconds)

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2020-1722 – ipa: No password length restriction leads to denial of service

https://notcve.org/view.php?id=CVE-2020-1722

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability. Se encontró un fallo en todas las versiones de ipa 4.x.x hasta 4.8.0. Cuando se envía una contraseña muy larga al servidor (mayores o iguales a 1,000,000 caracteres), el proceso de hashing de contraseña podría agotar la memoria y la CPU, conllevando a una denegación de servicio y el sitio web dejaría de responder. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722 https://access.redhat.com/security/cve/CVE-2020-1722 https://bugzilla.redhat.com/show_bug.cgi?id=1793071 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 2%CPEs: 54EXPL: 0

CVE-2020-11868 – ntp: DoS on client ntpd using server mode packet

https://notcve.org/view.php?id=CVE-2020-11868

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x anteriores a 4.3.100, permite a un atacante fuera de ruta bloquear una sincronización no autenticada por medio de un paquete en modo server con una dirección IP de origen falsificado, porque las transmisiones son reprogramados aun cuando un paquete carece de una marca de tiempo de origen valido. A flaw was found in the Network Time Protocol (NTP), where a security issue exists that allows an off-path attacker to prevent the Network Time Protocol daemon (ntpd) from synchronizing with NTP servers not using authentication. A server mode packet with a spoofed source address sent to the client ntpd causes the next transmission to be rescheduled, even if the packet does not have a valid origin timestamp. If the packet is sent to the client frequently enough, it stops polling the server and is unable to synchronize with it. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html http://support.ntp.org/bin/view/Main/NtpBug3592 https://bugzilla.redhat.com/show_bug.cgi?id=1716665 https://lists.debian.org/debian-lts-announce/2020/05/msg00004.html https://security.gentoo.org/glsa/202007-12 https://security.netapp.com/advisory/ntap-20200424-0002 https://www.oracle.com//security-alerts/cpujul2021.html https://access&# • CWE-346: Origin Validation Error CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-11669 – kernel: powerpc: guest can cause DoS on POWER9 KVM hosts

https://notcve.org/view.php?id=CVE-2020-11669

An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. Se detectó un problema en el kernel de Linux versiones anteriores a 5.2, en la plataforma powerpc. El archivo arch/powerpc/kernel/idle_book3s.S no posee la funcionalidad de guardar y restaurar para PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR y PNV_POWERSAVE_AMOR, también se conoce como CID-53a712bae5dd. A flaw was found in the way Linux kernel running on the Power9 processor saves and restores its registers while going in and coming out of an idle state. The issue occurs when a guest kernel has Kernel Userspace Address Protection (KUAP) feature enabled. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html https://access.redhat.com/errata/RHSA-2019:3517 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=53a712bae5dd919521a58d7bad773b949358add0 https://github.com/torvalds/linux/commit/53a712bae5dd919521a58d7bad773b949358add0 https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208660.html https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April • CWE-393: Return of Wrong Status Code •

CVSS: 3.7EPSS: 0%CPEs: 7EXPL: 1

CVE-2019-14850 – nbdkit: denial of service due to premature opening of back-end connection

https://notcve.org/view.php?id=CVE-2019-14850

A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side. Se detectó una vulnerabilidad de denegación de servicio en nbdkit versiones 1.12.7, 1.14.1 y 1.15.1. Un atacante podría conectarse al servicio nbdkit y causar que hiciera una gran cantidad de trabajo en la inicialización de plugins de backend, simplemente abriendo una conexión al servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1757258 https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html https://access.redhat.com/security/cve/CVE-2019-14850 • CWE-406: Insufficient Control of Network Message Volume (Network Amplification) •

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2

CVE-2020-10696 – buildah: Crafted input tar file may lead to local file overwrite during image build process

https://notcve.org/view.php?id=CVE-2020-10696

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. Se detectó un fallo de salto de ruta en Buildah en versiones anteriores a 1.14.5. Este fallo permite a un atacante engañar a un usuario para construir una imagen de contenedor maliciosa alojada en un servidor HTTP(s) y luego escribir archivos en el sistema del usuario en cualquier lugar donde el usuario tenga permisos. A path traversal flaw was found in Buildah. • https://access.redhat.com/security/cve/cve-2020-10696 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696 https://github.com/containers/buildah/pull/2245 https://access.redhat.com/security/cve/CVE-2020-10696 https://bugzilla.redhat.com/show_bug.cgi?id=1817651 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •