#dos

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 TM MFP Vulnerabilities: Double Free, Use After Free, NULL Pointer Dereference, Buffer Access with Incorrect Length Value, Use of Uninitialized Variable 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, or gain unauthorized access to sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIMATIC S7-1500 TM MFP - BIOS: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 DOUBLE FREE CWE-415 In the Linux ...

### Summary ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. Ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. ### Impact This issue may lead to remote Denial of Service (DoS).

# Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mj4v-hp69-27x5. This link is maintained to preserve external references. # Original Description Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.

API attacks are constantly on the rise, with a recent alarming study showing that 59% of organizations give…

Microsoft's March 2025 Patch Tuesday fixes six actively exploited zero-day vulnerabilities, including critical RCE and privilege escalation flaws. Learn how these vulnerabilities impact Windows systems and why immediate patching is essential.

Elon Musk said a “massive cyberattack” disrupted X on Monday and pointed to “IP addresses originating in the Ukraine area” as the source of the attack. Security experts say that's not how it works.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Uni-Telway Driver Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following products are affected: Schneider Electric Uni-Telway Driver: All versions Schneider Electric Uni-Telway Driver installed on Control Expert: All versions Schneider Electric Uni-Telway Driver installed on Process Expert: All versions Schneider Electric Uni-Telway Driver installed on Process Expert for AVEVA System Platform: All versions Schneider Electric Uni-Telway Driver installed on OPC Factory Server: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 Schneider Electric Uni-Telway Driver is vulnerable to an improper input validation vulnerability that could cause denial-of-service of e...

Elon Musk has confirmed a massive cyberattack on his social media platform, X (once Twitter), causing widespread technical…

**According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.