Tag
#dos
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks. "Threat actors can also choose to install only scanners and sell the breached IP and account credentials on
When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack.
Debian Linux Security Advisory 5583-1 - A buffer overflow was discovered in the AV1 video plugin for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
Debian Linux Security Advisory 5582-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing of signed PGP/MIME and SMIME emails.
An issue discovered in free5GC version 3.3.0 allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on the AMF component via a crafted NGAP message.
Affected versions of this crate did not validate the size of buffers when attempting to decode messages. This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over the network. This flaw was corrected by validating the size of the buffers before attempting to decode the message.
Red Hat Security Advisory 2023-7612-03 - A new release of the Red Hat build of Quarkus is now available. This new release comes packed with a host of enhancements, bug fixes, and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section. Issues addressed include a denial of service vulnerability.
### Impact

A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable.

### Patches

Patches are available for Grails 3 and later.

### Workarounds

No workaround is possible except to avoid data binding to request data.

### References

- [Blog post](https://grails.org/blog/2023-12-20-cve-data-binding-dos.html)
- [Discussion](https://github.com/grails/grails-core/issues/13302)
- [Mitre CVD record](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46131)

An attacker-controlled PBES2-encrypted JWE blob can have a very large p2c value that, when decrypted, produces a denial of service.
Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from 2.10.0 through 2.10.4, from 2.11.0 through 2.11.1, 3.0.0. The known risks include a denial of service due to the WebSocket Proxy accepting any connections, and excessive data transfer due to misuse of the WebSocket ping/pong feature. 2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5. 2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2. 3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1. 3.1 Pulsar WebSocket Proxy users are unaffected. Any users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier should upgrade to one of the above patched versions.