#dos

Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js.

IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server.

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. This was previously reported in <https://github.com/briansmith/webpki/issues/69> and re-reported recently by Luke Malinowski. `rustls-webpki` is a fork of this crate which contains a fix for this issue and is actively maintained.

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.

A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R allows attackers to cause a Denial of Service (DoS) via supplying crafted WMA files when connecting a device to the vehicle's USB plug and play feature.

1. EXECUTIVE SUMMARY ​CVSS v3 7.5  ​ATTENTION: Exploitable remotely/low attack complexity  ​Vendor: OPTO 22  ​Equipment: SNAP PAC S1  ​Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Weak Password Requirements, Improper Access Control, Uncontrolled Resource Consumption  2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to brute force passwords, access certain device files, or cause a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following version of SNAP PAC S1, an industrial programmable automation controller, is affected:  ​SNAP PAC S1 Firmware: Version R10.3b  3.2 VULNERABILITY OVERVIEW 3.2.1 ​IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307  ​There is no limit on the number of login attempts. This could allow a brute force attack on the built-in web server login.  ​CVE-2023-40706 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigne...

1. EXECUTIVE SUMMARY ​CVSS v3 8.6  ​ATTENTION: Exploitable remotely/low attack complexity  ​Vendor: Rockwell Automation   ​Equipment: 1734-AENT/1734-AENTR Series C, 1734-AENT/1734-AENTR Series B, 1738-AENT/ 1738-AENTR Series B, 1794-AENTR Series A, 1732E-16CFGM12QCWR Series A, 1732E-12X4M12QCDR Series A, 1732E-16CFGM12QCR Series A, 1732E-16CFGM12P5QCR Series A, 1732E-12X4M12P5QCDR Series A, 1732E-16CFGM12P5QCWR Series B, 1732E-IB16M12R Series B, 1732E-OB16M12R Series B, 1732E-16CFGM12R Series B, 1732E-IB16M12DR Series B, 1732E-OB16M12DR Series B, 1732E-8X8M12DR Series B, 1799ER-IQ10XOQ10 Series B  ​Vulnerability: Out-of-Bounds Write  2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service on the affected products.   3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following versions of select Input/Output Modules from Rockwell Automation are affected:  ​1734-AENT/1734-AENTR Series C: Versions 7.011 and prior   ​1734-AENT/173...

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file