#dos

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause denial-of-service condition in the affected products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following industrial products are affected: AI Model Deployer: versions prior to V1.1 Data Flow Monitoring Industrial Edge Device User Interface (DFM IED UI): versions prior to V0.0.6 LiveTwin Industrial Edge app (6AV2170-0BL00-0AA0): versions prior to V2.4 SIMATIC PCS n...

Ubuntu Security Notice 6998-1 - It was discovered that Unbound incorrectly handled string comparisons, which could lead to a NULL pointer dereference. An attacker could potentially use this issue to cause a denial of service. It was discovered that Unbound incorrectly handled memory in cfg_mark_ports, which could lead to a heap buffer overflow. A local attacker could potentially use this issue to cause a denial of service or execute arbitrary code.

Red Hat Security Advisory 2024-6576-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.7 for RHEL 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-6569-03 - An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-6568-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8.10. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-6560-03 - An update for kpatch-patch-4_18_0-477_43_1 and kpatch-patch-4_18_0-477_67_1 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-6536-03 - Red Hat AMQ Streams 2.5.2 is now available from the Red Hat Customer Portal. Issues addressed include bypass, denial of service, information leakage, and memory leak vulnerabilities.

Red Hat Security Advisory 2024-6529-03 - An update for dovecot is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and resource exhaustion vulnerabilities.

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values.

Ubuntu Security Notice 6997-1 - It was discovered that LibTIFF incorrectly handled memory. An attacker could possibly use this issue to cause the application to crash, resulting in a denial of service.