#dos

BulletProof FTP Server version 2019.0.0.51 suffers from a denial of service vulnerability.

1. EXECUTIVE SUMMARY CVSS v3 8.8  ATTENTION: Exploitable remotely/low attack complexity  Vendor: Korenix  Equipment: Jetwave  Vulnerabilities: Command Injection, Uncontrolled Resource Consumption  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the underlying operating system of the device or cause a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Korenix Jetwave, are affected:  Korenix JetWave4221 HP-E versions V1.3.0 and prior  Korenix JetWave 3220/3420 V3 versions prior to V1.7  Korenix JetWave 2212G version V1.3.T  Korenix JetWave 2212X/2112S version V1.3.0  Korenix JetWave 2211C versions prior to V1.6  Korenix JetWave 2411/2111 versions prior to V1.5  Korenix JetWave 2411L/2111L versions prior to V1.6  Korenix JetWave 2414/2114 versions prior to V1.4  Korenix JetWave 2424 versions prior to V1.3  Korenix JetWave 2460 versions prior to V1.6  3.2 VULNERABILITY OVERVIE...

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.

A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS).

Ubuntu Security Notice 5999-1 - It was discovered that trim-newlines incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2023-1661-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.11.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service, information leakage, and traversal vulnerabilities.

Red Hat Security Advisory 2023-1639-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability.