
Tag

#dos

GHSA-jr77-8gx4-h5qh: MessagePack for Golang subject to DoS via Unmarshal panic

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. This issue has been patched in version 2.1.1.

CVE-2021-0185: INTEL-SA-00708

Improper input validation in the firmware for some Intel(R) Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVE-2022-41719: Many panics/crashes when fuzzing · Issue #31 · shamaton/msgpack

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks.

Evasive KmsdBot Cryptominer/DDoS Bot Targets Gaming, Enterprises

KmsdBot takes advantage of SSH connections with weak login credentials to mine currency and deplete network resources, as it gains a foothold on enterprise systems.

GHSA-2p9h-ccw7-33gf: cleo is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.

GHSA-4r6j-fwcx-94cf: snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method.

GHSA-5jqp-885w-xj32: pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method.

CVE-2022-39368: Failing DTLS handshakes may cause throttling to block processing of records

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't clean up the counters used for throttling, so the threshold is reached without ever being released again. This results in records being dropped permanently. The issue was reported for certificate-based handshakes, but may also affect PSK-based handshakes. It generally affects client and server as well. This issue is patched in versions 3.7.0 and 2.7.4. There are no known workarounds. Fix commits: main: commit 726bac57659410da463dcf404b3e79a7312ac0b9; 2.7.x: commit 5648a0c27c2c2667c98419254557a14bac2b1f3f.

CVE-2022-3818

An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance.

CVE-2022-41053

Windows Kerberos Denial of Service Vulnerability.