Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2023-28233: Windows Secure Channel Denial of Service Vulnerability

**Does this vulnerability affect all versions of TLS?** No. Only those devices running TLS 1.3 are affected. For more information on supported TLS implementations please visit: https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-

Microsoft Security Response Center
#vulnerability#web#windows#microsoft#dos#auth#ssl#Windows Secure Channel#Security Vulnerability
CVE-2023-24860: Microsoft Defender Denial of Service Vulnerability

References Identification Last version of the Microsoft Malware Protection Engine affected by this vulnerability 1.1.20100.6 First version of the Microsoft Malware Protection Engine with this vulnerability addressed Version 1.1.20200.4 See Manage Updates Baselines Microsoft Defender Antivirus for more information. **Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?** Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state. **Why is no action required to install this update?** In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kep...

CVE-2023-28217: Windows Network Address Translation (NAT) Denial of Service Vulnerability

The following mitigating factors might be helpful in your situation: This vulnerability is limited to attacker traffic inside the NAT firewall. An enterprise perimeter firewall can be used to mitigate this attack. A NAT firewall works by only allowing requested internet traffic to pass through the gateway. Internet routed network traffic cannot attack the Windows Network Address Translation Service for this vulnerability.

CVE-2023-26121: Snyk Vulnerability Database | Snyk

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.

CVE-2022-38604: Wacom Driver Arbitrary File Deletion Vulnerability

Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability.

CVE-2022-43293: Wacom Driver Arbitrary File Write\Overwrite Vulnerability

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.

CVE-2023-27191

An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files.

Demystifying risk using CVEs and CVSS

<p>For some time now, the conversation around what poses risk in software vulnerabilities has been evolving. It has been gratifying to hear other voices amplifying what I, and generally Red Hat, have been saying for years: not all vulnerabilities in software matter, and not all vulnerabilities in software are created equal. A number of industry leaders in the security space have been saying this, and those voices are becoming louder and harder to ignore. More importantly, as I talk to customers, the message is beginning to resonate. And that’s for one simple reason:</p&a

CVE-2023-1916: tiffcrop: heap-buffer-overflow in file tiffcrop.c, line 7874 (#537) · Issues · libtiff / libtiff · GitLab

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

CVE-2023-1668: security - [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.