Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2023-2898: [f2fs-dev] [PATCH] f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.

CVE
Open in Source
#linux#dos#git
CVE-2023-2857: Heap buffer overflow vulnerability in BLF reader (#19063) · Issues · Wireshark Foundation / wireshark · GitLab

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2856: 2023/CVE-2023-2856.json · master · GitLab.org / cves · GitLab

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2879: Fuzz job crash output: fuzz-2023-05-13-7062.pcap (#19068) · Issues · Wireshark Foundation / wireshark · GitLab

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVE-2023-2855: 2023/CVE-2023-2855.json · master · GitLab.org / cves · GitLab

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2858: Wireshark • wnpa-sec-2023-15 NetScaler file parser crash

NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-28320

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.

Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code execution

A vulnerability, TALOS-2023-1727 (CVE-2023-1424), exists in the device’s MELSOFT Direct functionality that is triggered if an adversary sends the targeted device a specially crafted network packet.

GHSA-xf96-w227-r7c4: Spring Boot Welcome Page Denial of Service

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. Specifically, an application is vulnerable if all of the conditions are true: * The application has Spring MVC auto-configuration enabled. This is the case by default if Spring MVC is on the classpath. * The application makes use of Spring Boot's welcome page support, either static or templated. * Your application is deployed behind a proxy which caches 404 responses. Your application is NOT vulnerable if any of the following are true: * Spring MVC auto-configuration is disabled. This is true if WebMvcAutoConfiguration is explicitly excluded, if Spring MVC is not on the classpath, or if spring.main.web-application-type is set to a value other than SERVLET. * The application does not use Spring Boot's welcome page support. * You do not have a proxy which...