#dos

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The `org.apache.commons.io.input.XmlStreamReader` class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Server-Side Request Forgery (SSRF), Inefficient Regular Expression Complexity, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker bypassing a proxy, creating a denial-of-service condition, or viewing sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of PowerSYSTEM Center are affected: PowerSYSTEM Center: PSC 2020 v5.21.x and prior 3.2 Vulnerability Overview 3.2.1 SERVER-SIDE REQUEST FORGERY (SSRF) CWE-918 Vulnerable versions of PowerSYSTEM Center utilize Axios NPM package 0.21.0, which contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. CVE-2020-28168 has been assi...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve records or cause a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics DIAEnergie, an industrial energy management system, are affected: DIAEnergie: Versions v1.10.01.008 and prior. 3.2 Vulnerability Overview 3.2.1 SQL Injection CWE-89 Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product. CVE-2024-43699 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculat...

All an attacker needs to exploit flaws in the Common Unix Printing System is a few seconds and less than 1 cent in computing costs.

This article explores the Linux vulnerability discovered by Simone Margaritelli, which, according to cybersecurity companies Uptycs and Akamai,…

ALEOS versions 4.16 and below denial of service proof of concept exploit.

Ubuntu Security Notice 7047-1 - Vladimír Čunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to bypass certain validations. Vladimír Čunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to downgrade DNSSEC-secure domains to a DNSSEC-insecure state, resulting in a domain hijacking attack.

Ubuntu Security Notice 7003-5 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references. ## Original Description Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.