Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2023-20244: Cisco Security Advisory: Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Firewalls Inspection Rules Denial of Service Vulnerability

A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain packets when they are sent to the inspection engine. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to deplete all 9,472 byte blocks on the device, resulting in traffic loss across the device or an unexpected reload of the device. If the device does not reload on its own, a manual reload of the device would be required to recover from this state.

CVE
#vulnerability#web#cisco#dos#perl#auth
CVE-2023-20086: Cisco Security Advisory: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software ICMPv6 Message Processing Denial of Service Vulnerability

A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6 messages. An attacker could exploit this vulnerability by sending crafted ICMPv6 messages to a targeted Cisco ASA or FTD system with IPv6 enabled. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CVE-2023-4452: EDR-810/G902/G903 Series Web Server Buffer Overflow Vulnerability

A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.

Mozi Botnet Takedown: Who Killed the IoT Zombie Botnet?

By Waqas The Mozi Botnet, one of the largest IoT botnets, has been taken down, but the responsible party remains unknown. This is a post from HackRead.com Read the original post: Mozi Botnet Takedown: Who Killed the IoT Zombie Botnet?

CVE-2023-1718: (CVE-2023-1718) Bitrix24 Denial-of-Service (DoS) via Improper File Stream Access

Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url".

CVE-2023-42750

In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE-2023-39610: publications/1.TP-Link Tapo C100 - HTTP Denial-Of-Service at main · zn9988/publications

An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.

CVE-2023-41377: Move TLS handshake to per-connection goroutine by fasaxc · Pull Request #7993 · projectcalico/calico

In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.

CVE-2023-45955: IoT-Fuzz/Nanoleaf Lightstrip Vulnerability Report.pdf at main · IoT-Fuzz/IoT-Fuzz

An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands.

Ubuntu Security Notice USN-6460-1

Ubuntu Security Notice 6460-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service or possibly expose sensitive information.