Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Denial of Service

The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerable to an unauthenticated Denial of Service (DoS) attack. An attacker can remotely restart the main Java server by accessing the FTControlServlet with the restart parameter. The endpoint proxies requests to localhost without requiring authentication, enabling attackers to disrupt system availability by repeatedly triggering server restarts.

Zero Science Lab
#dos#js#java#php#auth
GHSA-mjjw-553x-87pq: NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

GHSA-45pg-36p6-83v9: Langchain SQL Injection vulnerability

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.

GHSA-6m59-8fmv-m5f9: @langchain/community SQL Injection vulnerability

A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.

Apple Security Advisory 10-28-2024-5

Apple Security Advisory 10-28-2024-5 - macOS Ventura 13.7.1 addresses bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.

Apple Security Advisory 10-28-2024-4

Apple Security Advisory 10-28-2024-4 - macOS Sonoma 14.7.1 addresses buffer overflow, bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.

Apple Security Advisory 10-28-2024-3

Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 10-28-2024-2

Apple Security Advisory 10-28-2024-2 - iOS 17.7.1 and iPadOS 17.7.1 addresses buffer overflow, information leakage, and out of bounds read vulnerabilities.

Apple Security Advisory 10-28-2024-1

Apple Security Advisory 10-28-2024-1 - iOS 18.1 and iPadOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.

Russia Kneecaps Ukraine Army Recruitment With Spoofed 'Civil Defense' App

Posing as an application used to locate Ukrainian military recruiters, a Kremlin-backed hacking initiative delivers malware, along with disinformation designed to undermine sign-ups for soldiers in the war against Russia.