Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2022-38567: Vuln/Tenda M3/formSetAdConfigInfo_ at main · xxy1126/Vuln

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter.

CVE
Open in Source
#vulnerability#web#dos#perl#buffer_overflow#auth
CVE-2022-38566: Vuln/Tenda M3/formEmailTest-mailname at main · xxy1126/Vuln

Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter.

CVE-2022-38563: Vuln/Tenda M3/formSetFixTools_Mac at main · xxy1126/Vuln

Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter.

CVE-2022-38562: Vuln/Tenda M3/formSetFixTools_lan at main · xxy1126/Vuln

Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter.

CVE-2022-38570: Vuln/Tenda M3/formDelPushedAd at main · xxy1126/Vuln

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter.

CVE-2022-2787: [SECURITY] [DSA 5213-1] schroot security update

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.

CVE-2022-2915

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.

CVE-2022-0216: scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) (4367a20c) · Commits · QEMU / QEMU · GitLab

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

CVE-2022-0168: Invalid Bug ID

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.

CVE-2022-0217: Prosody XMPP server advisory 2022-01-13 (Remote Denial of Service)

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611).