#dos

IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager.

IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to view arbitrary files on the system.

readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file.

A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-209686 is the identifier assigned to this vulnerability.

The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys.

Ubuntu Security Notice 5644-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition

Red Hat Security Advisory 2022-6696-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include crlf injection and denial of service vulnerabilities.

Ubuntu Security Notice 5643-1 - It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

Ubuntu Security Notice 5642-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.