3 results (0.008 seconds)

CVSS: 7.8EPSS: 80%CPEs: 24EXPL: 2

CVE-2021-28165 – jetty: Resource exhaustion when receiving an invalid large TLS frame

https://notcve.org/view.php?id=CVE-2021-28165

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. En Eclipse Jetty versiones 7.2.2 hasta 9.4.38, versiones 10.0.0.alpha0 hasta 10.0.1 y versiones 11.0.0.alpha0 hasta 11.0.1, el uso de CPU puede alcanzar el 100% al recibir una gran trama TLS no válida. When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability. • https://github.com/uthrasri/CVE-2021-28165 http://www.openwall.com/lists/oss-security/2021/04/20/3 https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad%40%3Creviews.spark • CWE-400: Uncontrolled Resource Consumption CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0

CVE-2019-11486

https://notcve.org/view.php?id=CVE-2019-11486

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. El controlador de disciplina de línea Siemens R3964 en drivers/tty/n_r3964.c en el kernel de Linux antes de la versión 5.0.8 tiene múltiples condiciones de carrera. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://www.openwall.com/lists/oss-security/2019/04/29/1 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.3EPSS: 0%CPEs: 20EXPL: 0

CVE-2018-2964 – JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment)

https://notcve.org/view.php?id=CVE-2018-2964

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104780 http://www.securitytracker.com/id/1041302 https://access.redhat.com/errata/RHSA-2018:2253 https://access.redhat.com/errata/RHSA-2018:2256 https://security.netapp.com/advisory/ntap-20180726-0001 https://access.redhat.com/security/cve/CVE-2018-2964 https://bugzilla.redhat.com/show_bug.cgi?id=1602142 •