Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2023-0797: Merge branch 'tiffcrop_R270_fix#492' into 'master' (afaabc3e) · Commits · libtiff / libtiff · GitLab

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

CVE
Open in Source
#dos#git#auth
CVE-2023-0800: 2023/CVE-2023-0800.json · master · GitLab.org / cves · GitLab

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

CVE-2023-0802: 2023/CVE-2023-0802.json · master · GitLab.org / cves · GitLab

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

CVE-2023-0803: tiffcrop: heap-buffer-overflow in extractContigSamplesShifted16bits, tiffcrop.c:3516 (#501) · Issues · libtiff / libtiff · GitLab

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

CVE-2023-0804: Merge branch 'tiffcrop_composite_image_assumption_test_fix#496' into 'master' (33aee127) · Commits · libtiff / libtiff · GitLab

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

Dark Web Revenue Down Dramatically After Hydra's Demise

Competitor markets working to replace Hydra's money-laundering services for cybercriminals.

CVE-2023-25719: MSP Technology | IT Management Software | ConnectWise

ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector.

Russian Hackers Disrupt NATO Earthquake Relief Operations

Killnet claims DDoS attack against NATO Special Operations Headquarters, Strategic Airlift Capability, and more.

Ubuntu Security Notice USN-5867-1

Ubuntu Security Notice 5867-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-5866-1

Ubuntu Security Notice 5866-1 - It was discovered that Nova did not properly manage data logged into the log file. An attacker with read access to the service's logs could exploit this issue and may obtain sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. It was discovered that Nova did not properly handle attaching and reattaching the encrypted volume. An attacker could possibly use this issue to perform a denial of service attack. This issue only affected Ubuntu 16.04 ESM.