Tag

#dos

GHSA-q98f-2x4p-prjr: Exposure of debug and metrics endpoints in Pomerium

### Impact

In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions.

### Patches

v0.17.1

### Workarounds

Block access to `/debug` and `/metrics` paths on the authenticate service. This can be done with any L7 proxy, including Pomerium's own proxy service.

### References

https://github.com/pomerium/pomerium/pull/3212

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [Pomerium](https://github.com/pomerium/pomerium)
* Email us at [[email protected]](mailto:[email protected])

CISA Flags ICS Bugs in Baxter, Mitsubishi Products

The vulnerabilities affect industrial control tech used across the healthcare and critical manufacturing sectors.

Debian Security Advisory 5766-1

Debian Linux Security Advisory 5766-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

Ubuntu Security Notice USN-6993-1

Ubuntu Security Notice 6993-1 - It was discovered that Vim incorrectly handled memory when closing a window, leading to a double-free vulnerability. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. It was discovered that Vim incorrectly handled memory when adding a new file to an argument list, leading to a use-after-free. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service.

Ubuntu Security Notice USN-6992-1

Ubuntu Security Notice 6992-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.

Red Hat Security Advisory 2024-6313-03

Red Hat Security Advisory 2024-6313-03 - An update for kpatch-patch-5_14_0-284_52_1 and kpatch-patch-5_14_0-284_79_1 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

GHSA-cq38-jh5f-37mq: sigstore-go has an unbounded loop over untrusted input can lead to endless data attack

### Impact

sigstore-go is susceptible to a denial of service attack when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. The verification of these data structures is computationally expensive. This can be used to consume excessive CPU resources, leading to a denial of service attack. TUF's security model labels this type of vulnerability an "Endless data attack," and it can lead to verification failing to complete and disrupting services that rely on sigstore-go for verification.

The vulnerable loops are in the verification functions in the package `github.com/sigstore/sigstore-go/pkg/verify`. The first is the DSSE envelope verification loop in `verifyEnvelopeWithArtifact`, which decodes all the digests in an attestation and can be found here: https://github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/...

GHSA-c34r-238x-f7qx: Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

### Summary

The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default `Owner` or `Contributor` role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed.

### Details

The application enables the creation of message templates that are sent via email to Fides Privacy Center users (data subjects) who raise privacy requests such as data subject access requests or consent management requests via the Privacy Center. These emails are triggered at various points in the request processing flow, for example when a request is denied or approved. The messages are defined using Jinja2 templates, allowing the use of statement and expression directives to craft more complex messages that includ...

Ubuntu Security Notice USN-6985-1

Ubuntu Security Notice 6985-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.

GHSA-g5jh-57wm-p79m: Missing connection timeout in Aardvark-dns

A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial of service for all other containers using aardvark-dns.