#dos

Ubuntu Security Notice 6717-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Hubert Kario discovered that Thunderbird had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information.

Ubuntu Security Notice 6588-2 - USN-6588-1 fixed a vulnerability in PAM. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service.

Ubuntu Security Notice 6716-1 - Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service.

Red Hat Security Advisory 2024-1510-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and privilege escalation vulnerabilities.

Red Hat Security Advisory 2024-1509-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice 6707-3 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice 6704-3 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice 6701-3 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-MORE EA9 HMI Vulnerabilities: Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to exploit a remote device and inject malicious code on the panel. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of C-MORE EA9 HMI, a display system used for interfacing with controllers, are affected: C-MORE EA9 HMI EA9-T6CL: Version 6.77 and prior C-MORE EA9 HMI EA9-T7CL: Version 6.77 and prior C-MORE EA9 HMI EA0-T7CL-R: Version 6.77 and prior C-MORE EA9 HMI EA9-T8CL: Version 6.77 and prior C-MORE EA9 HMI EA9-T10CL: Version 6.77 and prior C-MORE EA9 HMI EA9-T10WCL: Version 6.77 and prior C-MORE EA9 HMI EA9-T12CL: Version 6.77 and prior C-MORE EA9 HMI EA9-T15CL: Version 6.77 and prior C-MORE EA9 HMI EA9-T15CL-R: Version 6.77 and prior C-...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Rockwell Automation Equipment: Arena Simulation Software Vulnerabilities: Out-of-bounds Write, Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Access of Uninitialized Pointer, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the application or allow an attacker to run harmful code on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the following versions of Arena Simulation Software are affected: Arena Simulation Software: version 16.00 3.2 Vulnerability Overview 3.2.1 Out-of-bounds Write CWE-787 An arbitrary code execution vulnerability could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code...