Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

Rockwell Automation FactoryTalk ThinManager

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk ThinManager Vulnerabilities: Missing Authentication For Critical Function, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to send crafted messages to the device resulting in database manipulation or a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation FactoryTalk product versions are affected: ThinManager: Versions 11.2.0 to 11.2.9 ThinManager: Versions 12.0.0 to 12.0.7 ThinManager: Versions 12.1.0 to 12.1.8 ThinManager: Versions 13.0.0 to 13.0.5 ThinManager: Versions 13.1.0 to 13.1.3 ThinManager: Versions 13.2.0 to 13.2.2 ThinManager: Version 14.0.0 3.2 Vulnerability Overview 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 An authentication vulnerability exists in the affected product. The vulnerability could al...

us-cert
#vulnerability#web#dos#auth
Ex-Disney Employee Charged With Hacking Menu Database

In a vengeful move against the happiest place on Earth, the former employee allegedly used his old credentials to make potentially deadly changes.

Ubuntu Security Notice USN-7085-1

Ubuntu Security Notice 7085-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

ABB Cylon Aspect 3.08.01 jsonProxy.php Denial Of Service

ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthenticated denial of service attack in the jsonProxy.php endpoint. An attacker can remotely restart the main Java server by accessing the FTControlServlet with the restart parameter. The endpoint proxies requests to localhost without requiring authentication, enabling attackers to disrupt system availability by repeatedly triggering server restarts.

Red Hat Security Advisory 2024-8572-03

Red Hat Security Advisory 2024-8572-03 - An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8567-03

Red Hat Security Advisory 2024-8567-03 - An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8543-03

Red Hat Security Advisory 2024-8543-03 - An update for the pki-core:10.6 and pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8534-03

Red Hat Security Advisory 2024-8534-03 - An update is now available for Red Hat Ansible Automation Platform 2.5. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2024-8528-03

Red Hat Security Advisory 2024-8528-03 - An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

When Cybersecurity Tools Backfire

Outages are inevitable. Our focus should be on minimizing their scope, addressing underlying causes, and understanding that protecting systems is about keeping bad actors out while maintaining stability and reliability.