Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

Red Hat Security Advisory 2023-5715-01

Red Hat Security Advisory 2023-5715-01 - An update for the nginx:1.20 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

Packet Storm
Open in Source
#vulnerability#web#linux#red_hat#ddos#dos#js#nginx
Red Hat Security Advisory 2023-5712-01

Red Hat Security Advisory 2023-5712-01 - An update for the nginx:1.20 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5701-01

Red Hat Security Advisory 2023-5701-01 - An update is now available for Red Hat Ansible Automation Platform 2.3. Issues addressed include a denial of service vulnerability.

GHSA-c59h-r6p8-q9wc: Next.js missing cache-control header may lead to CDN caching empty reply

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets.

CVE-2023-46298: Missing cache control directive for server side props response when using middleware and prefetch · Issue #45301 · vercel/next.js

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

CVE-2023-38735: Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.

CVE-2023-45680: stb/stb_vorbis.c at 5736b15f7ea0ffb08dd38af21067c314d6a3aae9 · nothings/stb

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service.

CVE-2023-45664: GHSL-2023-145_GHSL-2023-151/GHSL-2023-165_GHSL-2023-172: Several memory access violations in stb_image and stb_vorbis

stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service

VIMESA VHF/FM Transmitter Blue Plus version 9.7.1 suffers from a denial of service vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint doreboot and restart the transmitter operations.