#dos

All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash.

The kustomize-controller enables the use of Kustomize’s functionality when applying Kubernetes declarative state onto a cluster. A malicious user can use a specially crafted `kustomization.yaml` to cause Denial of Service at controller level. In multi-tenancy deployments this can lead to multiple tenants not being able to apply their Kustomizations until the malicious `kustomization.yaml` is removed and the controller restarted. ### Impact Within the affected versions, users with write access to a Flux source are able to craft a malicious `kustomization.yaml` file which causes the controller to enter an endless loop. ### Patches This vulnerability was fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0 released on 2022-04-20. The changes introduce better handling of Kustomization files blocking references that could lead to endless loops. ### Credits The Flux engineering team found and patched this vulnerability. ### For more information If you have any questio...

Users urged to update systems amid reports of active exploitation

Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability.

A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handles excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by performing ARP storming attacks, which can cause the device to reboot.

A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device.

A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its command-and-control (C2) server, is known to have been active since at least 2014. "XorDdos' modular

An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.

Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.

HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.