Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2022-25231: Snyk Vulnerability Database | Snyk

The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.

CVE
Open in Source
#vulnerability#web#mac#ddos#dos#nodejs#js#git#java
CVE-2022-25304: Snyk Vulnerability Database | Snyk

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2022-0028 (CVSS score: 8.6), is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August […]

GHSA-v65g-f3cj-fjp4: Regular expression denial of service in eth-account

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method

CVE-2022-2923: NULL Pointer Dereference in function sug_filltree in vim

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0239.

CVE-2021-29891: IBM OPENBMC denial of service CVE-2021-29891 Vulnerability Report

IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221.

CVE-2022-1930: eth-account ReDoS | XRAY-248681

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method

Gentoo Linux Security Advisory 202208-34

Gentoo Linux Security Advisory 202208-34 - Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service. Versions less than 8.5.82:8.5 are affected.

Gentoo Linux Security Advisory 202208-33

Gentoo Linux Security Advisory 202208-33 - A vulnerability has been found in libcroco which could result in denial of service. Versions less than 0.6.13 are affected.