Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CISO Corner: Critical Infrastructure Misinformation; France's Atos Bid

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Inside China's civilian hacker army; outer space threats; and NIST 2.0 Framework secrets for success.

DARKReading
#vulnerability#ddos#dos#git#auth
Red Hat Security Advisory 2024-4035-03

Red Hat Security Advisory 2024-4035-03 - An update for ovn-2021 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4034-03

Red Hat Security Advisory 2024-4034-03 - OpenShift container images for the Red Hat Service Interconnect 1.5 release. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4023-03

Red Hat Security Advisory 2024-4023-03 - Red Hat openshift-serverless-clients kn 1.33.0 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.

GHSA-9gxx-58q6-42p7: Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service

### Impact A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. ### Patches The issue was patched in lnd [v0.17.0](https://github.com/lightningnetwork/lnd/releases/tag/v0.17.0-beta). Users should update to a version >= v0.17.0 to be protected. ### References Detailed blog post: https://morehouse.github.io/lightning/lnd-onion-bomb/ Developer discussion: https://delvingbitcoin.org/t/dos-disclosure-lnd-onion-bomb/979

DDoS Attack Targets Poland's UEFA Euro Opening Match

The stream was briefly knocked offline, preventing millions of fans from accessing the game. Poland's head of digital services says "all leads lead to the Russian Federation."

GHSA-9442-gm4v-r222: Undertow's url-encoded request path information can be broken on ajp-listener

A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of service.

Westermo L210-F2G

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: L210-F2G Lynx Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Control of Interaction Frequency 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed or may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Westermo L210-F2G industrial ethernet switches are affected: L210-F2G Lynx: version 4.21.0 3.2 Vulnerability Overview 3.2.1 Cleartext Transmission of Sensitive Information CWE-319 Plain text credentials and session ID can be captured with a network sniffer. CVE-2024-37183 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2024-37183. A base score of 6.9 has been calculated; the CVSS v...

Ubuntu Security Notice USN-6842-1

Ubuntu Security Notice 6842-1 - It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. It was discovered that gdb incorrectly handled memory leading to a heap based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.