#dos

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bosch Rexroth Equipment: IndraDrive Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service, rendering the device unresponsive by sending arbitrary UDP messages. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Bosch Rexroth reports that the following versions of IndraDrive, servo drive system, are affected: Bosch Rexroth AG IndraDrive FWA-INDRV*-MP*: 17VRS < 20V36 3.2 Vulnerability Overview 3.2.1 Uncontrolled Resource Consumption CWE-400 A vulnerability in the PROFINET stack implementation of the IndraDrive of Bosch Rexroth allows an attacker to cause a denial-of-service, rendering the device unresponsive by sending arbitrary UDP messages. CVE-2024-48989 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3....

Ubuntu Security Notice 7088-3 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 7093-1 - It was discovered that Werkzeug incorrectly handled multiple form submission requests. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service.

Debian Linux Security Advisory 5803-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Red Hat Security Advisory 2024-8935-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8929-03 - An update for mod_jk is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2024-8928-03 - An update for mod_jk is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2024-8906-03 - A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9. Issues addressed include bypass, denial of service, memory leak, remote SQL injection, and traversal vulnerabilities.

Red Hat Security Advisory 2024-8686-03 - Red Hat OpenShift Container Platform release 4.16.20 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

Ubuntu Security Notice 7092-1 - It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.