Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products

Three security vulnerabilities have been disclosed in operational technology (OT) products from Wago and Schneider Electric. The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL, which now comprises a total of 61 issues spanning 13 different vendors. "OT:ICEFALL demonstrates the need for tighter scrutiny of, and improvements to, processes related to

The Hacker News
Open in Source
#vulnerability#dos#auth#The Hacker News
Schneider Power Meter Vulnerability Opens Door to Power Outages

A severe security vulnerability allows credentials for the power meters to continuously transmit in cleartext, allowing device takeover.

CVE-2020-20502: Denial of service attack caused by CSRF(CSRF造成的拒绝服务攻击) · Issue #27 · yzmcms/yzmcms

Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function.

Ubuntu Security Notice USN-6179-1

Ubuntu Security Notice 6179-1 - It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6178-1

Ubuntu Security Notice 6178-1 - It was discovered that in SVG++ library that the demo application incorrectly managed memory resulting in a memory access violation under certain circumstances. An attacker could possibly use this issue to leak memory information or run a denial of service attack. This issue only affected Ubuntu 18.04 LTS. It was discovered that in SVG++ library that the demo application incorrectly handled null pointers under certain circumstances. An attacker could possibly use this issue to cause denial of service, leak memory information or manipulate program execution flow.

Red Hat Security Advisory 2023-3677-01

Red Hat Security Advisory 2023-3677-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3665-01

Red Hat Security Advisory 2023-3665-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

CVE-2023-34597: FIBARO | Motion Sensor - Motion detector

A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.

CVE-2023-34596: IoT-CVE/Aeotec WallMote Switch Vulnerability Report.pdf at main · iot-sec23/IoT-CVE

A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.

ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models

Taiwanese company ASUS on Monday released firmware updates to address, among other issues, nine security bugs impacting a wide range of router models. Of the nine security flaws, two are rated Critical and six are rated High in severity. One vulnerability is currently awaiting analysis. The list of impacted products are GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000,