#dos

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series Vulnerability: Improper Validation of Specified Quantity in Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric MELSEC iQ-F Series are affected: FX5U-32MT/ES: All versions FX5U-32MT/DS: All versions FX5U-32MT/ESS: All versions FX5U-32MT/DSS: All versions FX5U-64MT/ES: All versions FX5U-64MT/DS: All versions FX5U-64MT/ESS: All versions FX5U-64MT/DSS: All versions FX5U-80MT/ES: All versions FX5U-80MT/DS: All versions FX5U-80MT/ESS: All versions FX5U-80MT/DSS: All versions FX5U-32MR/ES: All versions FX5U-32MR/DS: All versions FX5U-64MR/ES: All versions FX5U-64MR/DS: All versions FX5U-80MR/ES: All versions FX5U-80MR/DS: All versions FX5UC-32MT/D: All ver...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: General Industrial Controls Equipment: Lynx+ Gateway Vulnerabilities: Weak Password Requirements, Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in obtaining sensitive device information, unauthorized access, or create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Lynx+ Gateway are affected: Lynx+ Gateway: Version R08 Lynx+ Gateway: Version V03 Lynx+ Gateway: Version V05 Lynx+ Gateway: Version V18 3.2 VULNERABILITY OVERVIEW 3.2.1 WEAK PASSWORD REQUIREMENTS CWE-521 The affected product is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login. CVE-2025-55034 has been assigned to this vulnerability. A C...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Policy Manager Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to resource exhaustion and denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the following versions of FactoryTalk Policy Manager, a software tool that enables OT teams to design, deploy, and manage system-wide security policies using CIP Security and OPC UA standards, are affected: FactoryTalk Policy Manager: Versions 6.51.00 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Resource Shutdown or Release CWE-404 A vulnerability in Node.js HTTP servers may allow an attacker to send a specially crafted HTTP request with chunked encoding, which can lead to resource exhaustion and denial of service. The server reads an unbounded number of bytes from a singl...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: LOGO! 8 BM Devices Vulnerabilities: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code remotely, put the device into a denial-of-service state, or change the behavior of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: LOGO! 12/24RCE (6ED1052-1MD08-0BA2): All versions SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2): All versi...

### Impact In affected versions, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups (JavaScript, Mobile Apps). ### Patches Patched in Bugsink 2.0.6 ### References The vulnerability in this security advisory is similar to, but distinct from, another brotli-related problem in Bugsink: https://github.com/bugsink/bugsink/security/advisories/GHSA-fc2v-vcwj-269v

### Impact In affected versions, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the available memory and thus a Denial of Service. This can be done if the `DSN` is known, which it is in many common setups (JavaScript, Mobile Apps). ### Patches Patched in Bugsink `2.0.5`

Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three

Google on Tuesday unveiled a new privacy-enhancing technology called Private AI Compute to process artificial intelligence (AI) queries in a secure platform in the cloud. The company said it has built Private AI Compute to "unlock the full speed and power of Gemini cloud models for AI experiences, while ensuring your personal data stays private to you and is not accessible to anyone else, not

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.

Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.