#dos

Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.

## Summary: Sending a specially crafted intent with an invalid/empty extras `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. sending the intent repeatedly can prevent the app using this plugin from working, resulting in a denial of service (DoS) condition. ## Impact A 3rd party app/remote attacker can exploit this vulnerability by sending a malicious intent to the target device, causing the app using this plugin from working to crash or become unresponsive, resulting in a denial of service (DoS) condition. ## Mitigation Version 5.0.1 of the cordova-plugin-fingerprint-aio doesn't export the activity anymore and is no longer vulnerable. If you want to fix older versions change the attribute `android:exported` of this code snippet in plugin.xml to `false`: ```xml <config-file target="AndroidManifest.xml" parent="application"> <activity android:name="de.niklasmerz.cordova.biometric.BiometricActivity" android:theme="@style/TransparentTheme" androi...

NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC Series Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to reset the memory of the products to factory default state and cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following versions of MELSEC-F series programmable controllers are affected if they are used with ethernet communication special adapter FX3U-ENET-ADP or ethernet communication block FX3U-ENET(-L) with the exception of "FX3GE-xMy/z x=24,40, y=T,R, z=ES,ESS,DS,DSS". Some of these products are sold in limited regions, see the Mitsubishi Electric advisory for details: MELSEC-F series FX3U-xMy/z x=16,32,48,64,80,128, y=T,R, z=ES,ESS,DS,DSS: All versions MELSEC-F series FX3U-32MR/UA1, FX3U-64MR/UA1: A...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Equipment: MELSEC iQ-F Series Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to prevent legitimate users from logging into the web server function for a certain period, resulting in a denial-of-service condition. The impact of this vulnerability will persist while the attacker continues to attempt the attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Mitsubishi Electric MELSEC iQ-F Series products are affected (Products with * are sold in limited regions): FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS (Serial number 17X**** and later): All versions FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS (Serial number 179**** and prior): Versions 1.060 or later FX5UC-xMy/z x=32,64,96, y=T, z=D,DSS (Serial number 17X**** and later): All versions FX5UC-xMy/z x=32,64,96...

Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.