#dos

By Waqas The DDoS attacks occurred on January 17, 2023, and NetBlocks, a global internet monitoring platform, has confirmed the network disruption. This is a post from HackRead.com Read the original post: Anonymous Sudan’s DDoS Attacks Disrupt Network at Israeli BAZAN Group

Debian Linux Security Advisory 5602-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. An exploit for CVE-2024-0519 exists in the wild.

Ubuntu Security Notice 6588-1 - Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service.

In some specific instances, the SurrealQL parser will attempt to recursively parse nested statements or idioms (i.e. nested `IF` and `RELATE` statements, nested basic idioms and nested access to attributes) without checking if the depth limit established by default or in the `SURREAL_MAX_COMPUTATION_DEPTH` environment variable is exceeded. This can lead to the stack overflowing when the nesting surpasses certain levels of depth. ### Impact An attacker that is authorized to run queries on a SurrealDB server may be able to run a query using the affected statements and idioms with very deep nesting in order to crash the server, leading to denial of service. ### Patches - Version 1.1.0 and later are not affected by this issue. ### Workarounds Concerned users unable to update may want to limit the ability of untrusted users to run arbitrary SurrealQL queries in the affected versions of SurrealDB. To limit the impact of the denial of service, SurrealDB administrators may also want to e...

The `ID`, `DB` and `NS` headers accepted by the SurrealDB HTTP REST API would fail to parse when containing some special characters. This would cause a panic which would crash the SurrealDB server, leading to denial of service. This issue only affects the SurrealDB binary; it does not affect the SurrealDB library. ### Impact An unauthenticated client may issue an HTTP request to the SurrealDB HTTP REST API containing one of the affected headers with values containing special characters in order to crash the SurrealDB server. This does not require the SurrealDB server to be running with any specific capabilities other than exposing the affected interface. ### Patches - Version 1.1.0 and later are not affected by this issue. ### Workarounds Concerned users unable to update may want to limit untrusted access to the SurrealDB HTTP REST API unless such access is required by the application. To limit the impact of the denial of service, SurrealDB administrators may also want to ensure...

SpyCamLizard version 1.230 remote denial of service exploit.

Although custom parameters and functions are only supported at the database level, it was allowed to invoke those entities at the root or namespace level. This would cause a panic which would crash the SurrealDB server, leading to denial of service. ### Impact A client that is authorized to run queries at the root or namespace level in a SurrealDB server is able to run a query invoking a parameter or a function at that level, which will cause a panic. This will crash the server, leading to denial of service. ### Patches - Version 1.1.1 and later are not affected by this issue. ### Workarounds Concerned users unable to update may want to limit the ability of untrusted users to run arbitrary SurrealQL queries in the affected versions of SurrealDB to the database level. To limit the impact of the denial of service, SurrealDB administrators may also want to ensure that the SurrealDB process is running so that it can be automatically re-started after a crash. ### References - #3297

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. A buffer over-read exists in the dtls_sha256_update function. This bug allows remote attackers to cause a denial of service (crash) and possibly read sensitive information by sending a malformed packet with an over-large fragment length field, due to servers incorrectly handling malformed packets.

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An assertion failure in check_certificate_request() causes the server to exit unexpectedly, resulting in a denial of service.

An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. Incorrect handling of over-large packets in dtls_ccm_decrypt_message() causes a buffer over-read that can expose sensitive information.