
Tag

#dos

CVE-2021-43316: [bug] segv fault in get_le64() · Issue #381 · upx/upx

A heap-based buffer overflow was discovered in upx: the generic pointer 'p' points to an inaccessible address in the function get_le64().

RSA NetWitness Endpoint EDR Agent 12.x Incorrect Access Control / Code Execution

RSA NetWitness Endpoint EDR Agent version 12.x suffers from incorrect access controls that allow for code execution. It allows local users to stop the Endpoint Windows agent from sending the events to a SIEM or make the agent run user-supplied commands.

UK’s NCA infiltrates cybercrime market with fake DDoS sites

By Waqas. The National Crime Agency (NCA) has conducted a sting operation to infiltrate the cybercrime market with fake DDoS sites for Operation Power Off. This is a post from HackRead.com.

CVE-2020-36691: netlink: limit recursion depth in policy validation · torvalds/linux@7690aa1

An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.

Ubuntu Security Notice USN-5971-1

Ubuntu Security Notice 5971-1 - It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. These issues only affected Ubuntu 14.04 ESM and Ubuntu 18.04 LTS.

Ubuntu Security Notice USN-5970-1

Ubuntu Security Notice 5970-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-5969-1

Ubuntu Security Notice 5969-1 - It was discovered that gif2apng contained multiple heap-based overflows. An attacker could potentially exploit this to cause a denial of service.

Debian Security Advisory 5377-1

Debian Linux Security Advisory 5377-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

GHSA-564r-hj7v-mcr5: Spring Framework vulnerable to denial of service via specially crafted SpEL expression

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

CVE-2023-20861

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.