
Tag

#dos

Hitachi Energy FOXMAN-UN

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'), Heap-based Buffer Overflow, Incorrect User Management, Improper Certificate Validation, Improper Restriction of Excessive Authentication Attempts, Use of Hard-coded Password, Cleartext Storage of Sensitive Information

2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated malicious user to interact with the services and the post-authentication attack surface.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: Hitachi Energy FOXMAN-UN: All versions prior to R15A Hitachi Energy FOXMAN-UN: R15B (CVE-2024-28020, CVE-2024-28022, CVE-2024-28024) Hitachi Energy FOXMAN-UN: R15B PC4 (CVE-2024-2013, C...

us-cert
Belledonne Communications Linphone-Desktop

1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Belledonne Communications Equipment: Linphone-Desktop Vulnerability: NULL Pointer Dereference

2. RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker causing a denial-of-service condition on the affected devices.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Linphone-Desktop is affected: Linphone-Desktop: Version 5.2.6 3.2 VULNERABILITY OVERVIEW 3.2.1 NULL POINTER DEREFERENCE CWE-476 The affected product is vulnerable to a NULL Dereference vulnerability, which could allow a remote attacker to create a denial-of-service condition. CVE-2025-0430 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). A CVSS v4 score has also been calculated for CVE-2025-0430. A base score of 8.7 has been calculated; the CVSS vector st...

CVE-2025-21313: Windows Security Account Manager (SAM) Denial of Service Vulnerability

**How could an attacker exploit the vulnerability?** An authenticated attacker could make specially crafted API calls that lead to a Denial of Service.

CVE-2025-21218: Windows Kerberos Denial of Service Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could use a specially crafted application to leverage a protocol vulnerability in Windows Kerberos to perform a denial of service attack against the target.

CVE-2025-21225: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-21231: IP Helper Denial of Service Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit this vulnerability?** As an authenticated user, the attacker could send a specially crafted string of data over the network, causing the application to crash.

CVE-2025-21230: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS).

CVE-2025-21276: Windows MapUrlToZone Denial of Service Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS).

CVE-2025-21274: Windows Event Tracing Denial of Service Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-21330: Windows Remote Desktop Services Denial of Service Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS).