#dos

Apple Security Advisory 10-25-2023-1 - iOS 17.1 and iPadOS 17.1 addresses bypass, code execution, and use-after-free vulnerabilities.

Ubuntu Security Notice 6452-1 - It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.

Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS). "The campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter," the web infrastructure

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Centralite Equipment: Pearl Thermostat Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial of service on the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions Centralite Pearl Thermostat are affected: Pearl Thermostat: version 0x04075010 3.2 Vulnerability Overview 3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770 A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attackers to cause a denial of service (DoS) via a crafted Zigbee message. CVE-2023-24678 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Commercial Facil...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View Site Edition Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the product to become unavailable and require a restart to recover resulting in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the following versions of FactoryTalk View Site Edition are affected: FactoryTalk View Site Edition: V11.0 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 FactoryTalk View Site Edition V11.0 insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition. CVE-2023-46289 has been assigned to this vulnerability. A ...

Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver

The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.

Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.