Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution

Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. “If exploited, an

The Hacker News
Open in Source
#sql#vulnerability#mac#dos#rce#buffer_overflow#auth#zero_day#The Hacker News
GHSA-4553-hq82-8654: Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3px7-jm2p-6h2c. This link is maintained to preserve external references. ### Original Description encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter.

Ubuntu Security Notice USN-6566-1

Ubuntu Security Notice 6566-1 - It was discovered that SQLite incorrectly handled certain protection mechanisms when using a CLI script with the --safe option, contrary to expectations. This issue only affected Ubuntu 22.04 LTS. It was discovered that SQLite incorrectly handled certain memory operations in the sessions extension. A remote attacker could possibly use this issue to cause SQLite to crash, resulting in a denial of service.

Easy File Sharing FTP Server 2.0 Denial Of Service

Easy File Sharing FTP Server version 2.0 suffers from a denial of service vulnerability.

Red Hat Security Advisory 2024-0046-03

Red Hat Security Advisory 2024-0046-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

Mitsubishi Electric Factory Automation Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple Factory Automation Products Vulnerabilities: Observable Timing Discrepancy, Double Free, Access of Resource Using Incompatible Type ('Type Confusion') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could disclose information in the product or could cause denial-of-service (DoS) condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Factory Automation products are affected: GT SoftGOT2000: Versions 1.275M to 1.290C (CVE-2023-0286) OPC UA Data Collector: Versions 1.04E and prior (CVE-2023-0286) MX OPC Server UA (Software packaged with MC Works64): Versions 3.05F and later (Packaged with MC Works64 Version 4.03D and later) (CVE-2022-4304) OPC UA Server Unit: All versions (CVE-2022-4304) FX5-OPC: Versions 1.006 and prior (CVE-2022-4304, CVE-2022-4450) 3.2 Vulnerability Overview 3.2.1 OBSERVABLE TIMING DISCREPANCY ...

minaliC 2.0.0 Denial Of Service

minaliC version 2.0.0 suffers from a denial of service vulnerability.

GHSA-264p-99wq-f4j6: Ion Java StackOverflow vulnerability

### Impact A potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to: * Deserialize Ion text encoded data, or * Deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. Impacted versions: <1.10.5 ### Patches The patch is included in `ion-java` >= 1.10.5. ### Workarounds Do not load data which originated from an untrusted source or that could have been tampered with. **Only load data you trust.** ---- If you have any questions or comments about this advisory, we ask that you contact AWS/Amazon Security via our vulnerability reporting page [1] or directly via email to [[email protected]](mailto:[email protected]). Please do not create a public Git...

GHSA-8rfx-6mr3-5jh3: Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5crp-9r3c-p9vr. This link is maintained to preserve external references. ### Original Description Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

GHSA-hf3r-vmrv-7w29: Duplicate Advisory: Denial of service in CBOR library

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6r92-cgxc-r5fg. This link is maintained to preserve external references. ### Original Description PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.