#dos

Ubuntu Security Notice 6860-1 - Reynir Bjoernsson discovered that OpenVPN incorrectly handled terminating client connections. A remote authenticated client could possibly use this issue to keep the connection active, bypassing certain security policies. This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS. Reynir Bjoernsson discovered that OpenVPN incorrectly handled certain control channel messages with nonprintable characters. A remote attacker could possibly use this issue to cause OpenVPN to consume resources, or fill up log files with garbage, leading to a denial of service.

Red Hat Security Advisory 2024-4271-03 - Red Hat AMQ Broker 7.12.1 is now available from the Red Hat Customer Portal. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4260-03 - An update for python-idna is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4259-03 - An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4252-03 - An update for nghttp2 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

The Microsoft Security Response Center (MSRC) has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we have introduced several key updates to the Report Abuse Portal and API, which will significantly improve the way we handle and respond to abuse reports.

Red Hat Security Advisory 2024-4210-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4209-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.2 for RHEL 8. Issues addressed include a denial of service vulnerability.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION: Exploitable remotely Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerabilities: Allocation of Resources Without Limits or Throttling, Improper Neutralization, Uncontrolled Search Path Element, Improper Authentication, Unsafe Reflection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in denial of service, improper privilege management, or potentially remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ICONICS reports that the following versions of ICONICS Product Suite are affected: ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: Version 10.97.2 (CVE-2022-2650, CVE-2023-4807) AlarmWorX Multimedia (AlarmWorX64 MMX): All versions prior to 10.97.3 (CVE-2024-1182) MobileHMI: All versions prior to 10.97.3 (CVE-2024-1573) ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: All versions prior to 10.97.3 (CVE-2024-...

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.