#dos

Ubuntu Security Notice 6604-2 - It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information.

WS_FTP Server version 5.0.5 remote denial of service exploit.

httpdx version 1.5.1 remote denial of service exploit.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Hitron Systems Equipment: DVR Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to affect the availability of the product through exploitation of an improper input validation vulnerability and default credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitron Systems DVR, a digital video recorder, are affected: DVR HVR-4781: Versions 1.03 through 4.02 DVR HVR-8781: Versions 1.03 through 4.02 DVR HVR-16781: Versions 1.03 through 4.02 DVR LGUVR-4H: Versions 1.02 through 4.02 DVR LGUVR-8H: Versions 1.02 through 4.02 DVR LGUVR-16H: Versions 1.02 through 4.02 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 An improper input validation vulnerability exists in Hitron Systems DVR HVR-4781 versions 1.03 thro...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: LP30, LP40, LP50, and BM40 Operator Panels Vulnerability: Improper Validation of Consistency within Input, Out-of-bounds Write, Stack-based Buffer Overflow, Untrusted Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to use specifically crafted communication requests to perform a denial-of-service condition, memory overwriting, or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: LP30 Operator Panel: Versions prior to V3.5.19.0 LP40 Operator Pane: Versions prior to V3.5.19.0 LP50 Operator Panel: Versions prior to V3.5.19.0 BM40 Operator Panel: Versions prior to V3.5.19.0 3.2 Vulnerability Overview 3.2.1 IMPROPER VALIDATION OF CONSISTENCY WITHIN INPUT CWE-1288 After successful authentication, specifically c...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: EZSocket, FR Configurator2, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, MX OPC Server DA/UA (Software packaged with MC Works64) Vulnerabilities: Missing Authentication for Critical Function, Unsafe Reflection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service (DoS) condition on the products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric FA Engineering Software Products, are affected: EZSocket: Versions 3.0 and later FR Configurator2: All versions GT Designer3 Version1(GOT1000): All versions GT Designer3 Version1(GOT2000): All versions GX Works2: Versions 1.11M and later GX Works3: All ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the device by exploiting a Denial-of-Service (DoS) vulnerability. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation ControlLogix and GuardLogix programmable logic controllers are affected: ControlLogix 5570: Firmware version 20.011 ControlLogix 5570 redundant: Firmware versions 20.054_kit1 GuardLogix 5570: Firmware version 20.011 3.2 Vulnerability Overview 3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119 A Denial-of-Service (DoS) vulnerability exists that, if exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart i...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely Vendor: Emerson Equipment: Rosemount GC370XA, GC700XA, GC1500XA Vulnerabilities: Command Injection, Improper Authentication, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker with network access to run arbitrary commands, access sensitive information, cause a denial-of-service condition, and bypass authentication to acquire admin capabilities. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Emerson Rosemount Gas Chromatographs are affected: GC370XA: Version 4.1.5 GC700XA: Version 4.1.5 GC1500XA: Version 4.1.5 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77 In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. CVE-2023-46687 ha...

An issue discovered in Craft CMS version 4.6.1.1 allows remote attackers to cause a denial of service (DoS) via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume selected.

Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and impact all versions of Junos OS. Two other shortcomings, CVE-2023-36846 and