#dos

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CN 4100 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIMATIC CN 4100: All versions prior to V4.0 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial-of...

### Summary Sending a message that modifies the validator set at the epoch boundary halts the chain. ### Impact Denial of Service - Comos-sdk prevents modifying the validator set from two different modules - https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/types/module/module.go#L811. Such an operation leads to panic and chain halt. ### Detailed Post mortem https://boiling-lake-106.notion.site/2025-06-18-Genesis-mainnet-chain-halt-post-mortem-229f60cc1b5f80b7adf5e3ea0541ea87

Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.

**According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?** This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

**According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?** Exploitation of this attack requires a local attacker to create arbitrary directories. User interaction is necessary as the attacker relies on an Administrator to run wprui.exe for the first time.

Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.

International Criminal Court faces new "sophisticated" cyberattack in The Hague. Occurring near the NATO summit, this incident impacts the ICC as it handles major global cases.

The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing applications. The root cause is the unsafe recursive traversal design and lack of depth validation, which makes the JSONReader susceptible to stack overflow when processing deeply nested JSON. This impacts the availability of services, making them unreliable and disrupting workflows. The issue is resolved in version 0.12.38.

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the `SETTING_RE` variable within the `transformers/commands/chat.py` file. The regex contains repetition groups and non-optimized quantifiers, leading to exponential backtracking when processing 'almost matching' payloads. This can degrade application performance and potentially result in a denial-of-service (DoS) when handling specially crafted input strings. The issue is fixed in version 4.51.0.