#dos

Debian Linux Security Advisory 5408-1 - Irvan Kurniawan discovered a double free in the libwebp image compression library which may result in denial of service.

In eBankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any email address or phone number without validation.

Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.

Categories: Business Tags: Cisco Tags: small business series Tags: web interface Tags: CVE Tags: exploit Tags: root If you're using one of the affected products from the Cisco small business range, you need to patch immediately. (Read more...) The post Update now: 9 vulnerabilities impact Cisco Small Business Series appeared first on Malwarebytes Labs.

A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection.

Ubuntu Security Notice 6092-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information.

Red Hat Security Advisory 2023-3167-01 - New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Issues addressed include a denial of service vulnerability.