Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2023-39619: Vulnerability inside the node-email-check npm package through version 1.0.4

ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component.

CVE
Open in Source
#vulnerability#dos#nodejs#js#git
CVE-2023-26573: Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.

CVE-2023-5753: Buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem

Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c

CVE-2022-0353: Lenovo Diagnostics Vulnerabilities - Lenovo Support US

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.

9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution

Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.

GHSA-hrfv-mqp8-q5rw: Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning

Werkzeug multipart data parser needs to find a boundary that may be between consecutive chunks. That's why parsing is based on looking for newline characters. Unfortunately, code looking for partial boundary in the buffer is written inefficiently, so if we upload a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. If many concurrent requests are sent continuously, this can exhaust or kill all available workers.

A Cybersecurity Framework for Mitigating Risks to Satellite Systems

Cyber threats on satellite technology will persist and evolve. We need a comprehensive cybersecurity framework to protect them from attackers.

Debian Security Advisory 5533-1

Debian Linux Security Advisory 5533-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Ubuntu Security Notice USN-6451-1

Ubuntu Security Notice 6451-1 - It was discovered that ncurses could be made to read out of bounds. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6362-2

Ubuntu Security Notice 6362-2 - USN-6362-1 fixed vulnerabilities in .Net. It was discovered that the fix for [CVE-2023-36799] was incomplete. This update fixes the problem. Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service.