Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

Debian Security Advisory 5408-1

Debian Linux Security Advisory 5408-1 - Irvan Kurniawan discovered a double free in the libwebp image compression library which may result in denial of service.

Packet Storm
#web#mac#linux#debian#dos#js#ssh
eBankIT 6 Arbitrary OTP Generation

In eBankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any email address or phone number without validation.

Cyber Warfare Lessons From the Russia-Ukraine Conflict

Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.

CVE-2023-28709

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

CVE-2023-33297: Improve performance of p2p inv to send queues by ajtowns · Pull Request #27610 · bitcoin/bitcoin

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.

Update now: 9 vulnerabilities impact Cisco Small Business Series

Categories: Business Tags: Cisco Tags: small business series Tags: web interface Tags: CVE Tags: exploit Tags: root If you're using one of the affected products from the Cisco small business range, you need to patch immediately. (Read more...) The post Update now: 9 vulnerabilities impact Cisco Small Business Series appeared first on Malwarebytes Labs.

CVE-2023-30775: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c (#464) · Issues · libtiff / libtiff · GitLab

A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.

CVE-2023-20881: CVE-2023-20881: CAs for syslog-drain mtls feature can be overwritten | Cloud Foundry

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection.

Ubuntu Security Notice USN-6092-1

Ubuntu Security Notice 6092-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information.

Red Hat Security Advisory 2023-3167-01

Red Hat Security Advisory 2023-3167-01 - New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Issues addressed include a denial of service vulnerability.