Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

Debian Security Advisory 5479-1

Debian Linux Security Advisory 5479-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Packet Storm
#linux#debian#dos#chrome
Ubuntu Security Notice USN-6297-1

Ubuntu Security Notice 6297-1 - It was discovered that Ghostscript incorrectly handled outputting certain PDF files. A local attacker could potentially use this issue to cause a crash, resulting in a denial of service.

Ubuntu Security Notice USN-6298-1

Ubuntu Security Notice 6298-1 - Liu Zhu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. YiMing Liu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

GHSA-9v66-9239-cqv2: Jeecg-boot SQL Injection vulnerability

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the `Benchmark`, `PG_Sleep`, `DBMS_Lock.Sleep`, `Waitfor`, `DECODE`, and `DBMS_PIPE.RECEIVE_MESSAGE` functions.

CVE-2023-38905: [CVE-2023-38905] sys/duplicate/check SQL注入 · Issue #4737 · jeecgboot/jeecg-boot

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.

CVE-2023-39741: heap-buffer-overflow in libzpaq/libzpaq.cpp:1208:25 libzpaq::PostProcessor::write(int) · Issue #246 · ckolivas/lrzip

lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

CVE-2023-2914: ThinManager® ThinServer™ Input Validation Vulnerabilities

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. When the ThinManager processes incoming messages, a read access violation occurs and terminates the process. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and causing a denial of service condition in the software.

Debian Security Advisory 5478-1

Debian Linux Security Advisory 5478-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.

​ICONICS and Mitsubishi Electric Products

1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: ICONICS, Mitsubishi Electric ​Equipment: ICONICS Product Suite ​Vulnerabilities: Buffer Overflow, Out-of-Bounds Read, Observable Timing Discrepancy, Double Free, and NULL Pointer Dereference 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could result in information disclosure, denial-of-service, or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​ICONICS reports these vulnerabilities affect the following products using OpenSSL: ​ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: Version 10.97.2 3.2 VULNERABILITY OVERVIEW 3.2.1 ​CLASSIC BUFFER OVERFLOW CWE-120 ​A denial of service and potential crash vulnerability due to a buffer overrun condition exists in the OpenSSL library used in the ICONICS Suite. This vulnerability is in the X.509 certificate name constraint checking. ​CVE-2022-3602 has been assigned to this vulnerability. A CVSS v3 base s...