#dos

Debian Linux Security Advisory 5361-1 - Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.

Debian Linux Security Advisory 5359-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Preparation and cooperation helped to mitigate the worst of the digital damage, amid cyber sorties from all sides.

### Impact A XML External Entity (XXE) vulnerability found in the apoc.import.graphml procedure of APOC core plugin in Neo4j graph database. XML External Entity (XXE) injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was not configured in a secure way and therefore allowed this. External entities can be used to read local files, send HTTP requests, and perform denial-of-service attacks on the application. Abusing the XXE vulnerability enabled assessors to read local files remotely. Although with the level of privileges assessors had this was limited to one-line files. With the ability to write to the database, any file could have been read. Additionally, assessors noted, with local testing, the server could be crashed by passing in improperly formatted XML. ### Patches The users should aim to use the latest released version compatible with their Neo4j version. The minimum versions containing patch ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations and individuals to increase their cyber vigilance, as Russia's military invasion of Ukraine officially enters one year. "CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24,

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability.

Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This could be exploited for denial of service attacks. If trace level logging was enabled, it would also produce an excessive amount of log output during the loop, consuming disk space. The problem has been fixed in commit d7eec4e598158ab6a98bf505354e84352f9715ec, please update to version 0.12.1. There are no workarounds, users who cannot update should apply the errno fix detailed in the security advisory.

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.