CVE-2009-1139
Published: 2009-06-10
Priority P3 45 · high · 7.8 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 39.13% (98.4th percentile)
Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling
bugzilla · 2016-05-09 · CVSS 5.4 [MEDIUM]
Due to incorrect data validation of intercepted HTTP Request messages, Squid is vulnerable to clients bypassing the protection against CVE-2009-0801 related issues. This leads to cache poisoning.
External references:
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
Upstream fix:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch
Discussion:
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 1334251]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:1139 https://access.redhat.com/errata/RHSA-2016:1139
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2016:1140 htt
Bugzilla
CVE-2009-1889 pidgin: DoS via specially-crafted ICQWebMessage
bugzilla · 2009-06-29 · CVSS 5.0 [MEDIUM]
An out-of-memory denial of service flaw was found in Pidgin's Open System for CommunicAtion in Realtime (OSCAR) protocol implementation.
If a remote ICQ user sent a web message to the local Pidgin user using this protocol, it would lead to excessive memory allocation and denial of service (Pidgin crash).
References:
http://developer.pidgin.im/ticket/9483
http://pidgin.im/pipermail/devel/2009-May/008227.html
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1139 https://rhn.redhat.com/errata/RHSA-2009-1139.html
---
pidgin-2.5.8-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it i
References:
http://osvdb.org/54938
http://secunia.com/advisories/35355
http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm
http://www.securityfocus.com/bid/35225
http://www.securitytracker.com/id?1022349
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
http://www.vupen.com/english/advisories/2009/1537
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6253