Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

Ubuntu Security Notice USN-5721-1

Ubuntu Security Notice 5721-1 - It was discovered that WavPack was not properly performing checks when dealing with memory. If a user were tricked into decompressing a specially crafted WavPack Audio File, an attacker could possibly use this issue to cause the WavPack decompressor to crash, resulting in a denial of service.

Packet Storm
Open in Source
#vulnerability#ubuntu#dos#perl#ssl
Ubuntu Security Notice USN-5709-2

Ubuntu Security Notice 5709-2 - USN-5709-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information.

CVE-2022-41854

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

GHSA-jr77-8gx4-h5qh: MessagePack for Golang subject to DoS via Unmarshal panic

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. This issue has been patched in version 2.1.1.

CVE-2021-0185: INTEL-SA-00708

Improper input validation in the firmware for some Intel(R) Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVE-2022-41719: Many panics/crashes when fuzzing · Issue #31 · shamaton/msgpack

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks.

Evasive KmsdBot Cryptominer/DDoS Bot Targets Gaming, Enterprises

KmsdBot takes advantage of SSH connections with weak login credentials to mine currency and deplete network resources, as it gains a foothold on enterprise systems.

GHSA-2p9h-ccw7-33gf: cleo is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.

GHSA-4r6j-fwcx-94cf: snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method

GHSA-5jqp-885w-xj32: pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method