#dos

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT Update Manager Vulnerabilities: Integer Underflow (Wrap or Wraparound), Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, disclose information, alter information, or cause a denial-of-service (DoS) condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric MELSOFT Update Manager are affected: MELSOFT Update Manager SW1DND-UDM-M: Versions 1.000A to 1.012N 3.2 VULNERABILITY OVERVIEW 3.2.1 INTEGER UNDERFLOW (WRAP OR WRAPAROUND) CWE-191 Mitsubishi Electric MELSOFT Update Manager is vulnerable to an Integer Underflow vulnerability in 7-zip, included in MELSOFT Update Manager, that could allow a remote attacker to execute arbitrary code by decompressing a specially crafted compressed file. As a result, the attacke...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650 and SAM600-IO Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to cause a denial-of-service that disrupts critical functions in the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: Hitachi Energy Relion 650: All versions from 2.2.4.0 to 2.2.4.4 Hitachi Energy Relion 650: All versions from 2.2.5.0 to 2.2.5.6 Hitachi Energy Relion 650: All versions from 2.2.6.0 to 2.2.6.2 Hitachi Energy Relion 670: 2.2.2.6 Hitachi Energy Relion 670: 2.2.3.7 Hitachi Energy Relion 670: All versions from 2.2.4.0 to 2.2.4.4 Hitachi Energy Relion 670: All versions from 2.2.5.0 to 2.2.5.6 Hitachi Energy Relion 670: All versions from 2.2.6.0 to 2.2.6.2 Hitachi Energy SAM600-IO: All versions from 2....

string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.

### Summary Sending transactions with fees different than native Babylon genesis denom (`ubbn`) leads to chain halt. ### Impact Denial of Service - Due to panic in the `x/distribution` module `BeginBlocker` triggered by a error when sending fees from `feeCollector` to `x/distribution` module - https://github.com/cosmos/cosmos-sdk/blob/main/x/distribution/keeper/allocation.go#L28 Babylon Genesis will halt

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.

### Impact OpenBao and HashiCorp Vault allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. ### Patches In OpenBao v2.2.2 and later, manually setting the configuration option `disable_unauthed_rekey_endpoints=true` allows an operator to deny these rarely-used endpoints on global listeners. In a future OpenBao release [communicated on our website](https://openbao.org/docs/deprecation/), we will set this to `true` for all users and provide an authenticated alternative. This vulnerability has been disclosed to HashiCorp; see their website for more information. ### Workarounds If an active proxy or load balancer sits in front of OpenBao, an operator can deny requests to these endpoints from unauthorized IP ranges. ### References See the [deprecation notice](https://openbao.org/docs/deprecation/unauthed-rekey/).

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the

As attackers continue to evolve, Microsoft is committed to staying ahead by not only responding to vulnerabilities, but also by anticipating and mitigating entire classes of threats. One such threat, filesystem redirection attacks, has been a persistent vector for privilege escalation. In response, we’ve developed and deployed a new mitigation in Windows 11 called RedirectionGuard.

What happens in the privacy of your own home stays there. Or does it?

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon Controllers Vulnerabilities: Improper Input Validation, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the device or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Modicon Controllers M241: Versions prior to 5.3.12.51 Modicon Controllers M251: Versions prior to 5.3.12.51 Modicon Controllers M262: Versions prior to 5.3.9.18 (CVE-2025-3898, CVE-2025-3117) Modicon Controllers M258: All versions (CVE-2025-3905, CVE-2025-3116, CVE-2025-3117) Modicon Controllers LMC058: All versions (CVE-2025-3905, CVE-2025-3116, CVE-2025-3117) 3.2 VULNERABILITY OVERVIEW 3.2.1 ...