
3459 matches found

OSV
added 2024/02/23 11:7 a.m. | 1 views

OESA-2024-1192 mod_auth_openidc security update

This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party (RP) to an OpenID Connect Provider (OP). Security Fixes: mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying...

7.5 CVSS | 7 AI score | 0.01261 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2024/02/22 12:0 a.m. | 25 views

AlmaLinux 8 : edk2 (ALSA-2024:0888)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0888 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check, DH_check_ex or...

5.3 CVSS | 6.4 AI score | 0.05533 EPSS
Exploits 0 | References 2

Prion
added 2024/02/20 2:15 a.m. | 21 views

Format string

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN series firmware versions from 4.16 through 5.37...

2.7 CVSS | 7.1 AI score | 0.00649 EPSS
Exploits 0 | References 1

Amazon
added 2024/02/19 12:0 a.m. | 33 views

Medium: woodstox-core

Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial o...

7.5 CVSS | 8.1 AI score | 0.19653 EPSS
Exploits 1

Tenable Nessus
added 2024/02/19 12:0 a.m. | 37 views

QNAP QTS / QuTS hero Multiple Vulnerabilities in QTS, QuTS hero (QSA-23-38)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-38 advisory: - A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could...

7.2 CVSS | 6.8 AI score | 0.0058 EPSS
Exploits 0 | References 9

Prion
added 2024/02/16 11:15 p.m. | 12 views

Race condition

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot...

4 CVSS | 6.9 AI score | 0.00493 EPSS
Exploits 0 | References 1

UbuntuCve
added 2024/02/14 9:15 p.m. | 31 views

CVE-2024-25617

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of...

7.5 CVSS | 6.9 AI score | 0.88864 EPSS
Exploits 0 | References 5

CVE
added 2024/02/13 6:46 p.m. | 119 views

CVE-2024-24814

CVE-2024-24814 affects the mod_auth_openidc OpenID Connect Relying Party module for Apache 2.x. The issue arises from missing input validation on the mod_auth_openidc_session_chunks cookie, which can be manipulated to a very large value, causing the server to work hard, delay responses, and poten...

7.5 CVSS | 7.4 AI score | 0.01261 EPSS
Exploits 1 | References 4 | Affected Software 1

RedhatCVE
added 2024/02/13 6:30 p.m. | 47 views

CVE-2024-21404

A denial of service vulnerability exists in .NET applications with OpenSSL support when parsing X509 certificates. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing specially crafte...

7.5 CVSS | 7 AI score | 0.02707 EPSS
Exploits 0 | References 3

ICS
added 2024/02/13 12:0 a.m. | 54 views

Siemens SIMATIC WinCC, OpenPCS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.1 CVSS | 6.9 AI score | 0.0027 EPSS
Exploits 0 | References 10

UbuntuCve
added 2024/02/12 2:15 p.m. | 23 views

CVE-2023-6681

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service...

5.3 CVSS | 6.3 AI score | 0.00884 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2024/02/12 12:0 a.m. | 32 views

RHEL 8 : squid:4 (RHSA-2024:0773)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0773 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: DoS against...

9.8 CVSS | 8.1 AI score | 0.88818 EPSS
Exploits 1 | References 15

Cvelist
added 2024/02/11 8:37 a.m. | 23 views

CVE-2024-21875 DoS attack when broadcasting billboard messages

Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack. Team Hacker Hotel Badge 2024 on risc-v billboard modules allows Flooding. This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3...

6.5 CVSS | 5.8 AI score | 0.00463 EPSS
Exploits 1 | References 2

Veracode
added 2024/02/09 4:33 p.m. | 21 views

Use After Free

Artifex Ghostscript is vulnerable to Use After Free. The vulnerability is due to a single-character code in a PDF document being able to map to more than one Unicode code point. This potentially leads to a Denial of Service (DoS) Attack...

9.8 CVSS | 6.9 AI score | 0.00879 EPSS
Exploits 0 | References 5 | Affected Software 1

AlpineLinux
added 2024/02/06 9:27 p.m. | 36 views

CVE-2024-24575

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_revparse_single can cause the function to enter an infinite loop, potentially causing a Denial ...

7.5 CVSS | 8.8 AI score | 0.01443 EPSS
Exploits 0

NVD
added 2024/02/06 10:15 a.m. | 17 views

CVE-2024-24943

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image...

5.5 CVSS | 5.3 AI score | 0.00407 EPSS
Exploits 0 | References 1

Prion
added 2024/02/06 10:15 a.m. | 18 views

Information disclosure

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image...

1.9 CVSS | 7.2 AI score | 0.00407 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2024/02/06 9:21 a.m. | 20 views

CVE-2024-24943

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image...

5.3 CVSS | 6.9 AI score | 0.00407 EPSS
Exploits 0 | References 1

Cvelist
added 2024/02/06 9:21 a.m. | 19 views

CVE-2024-24943

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image...

5.3 CVSS | 5.8 AI score | 0.00407 EPSS
Exploits 0 | References 1

Positive Technologies
added 2024/02/05 12:0 a.m. | 4 views

PT-2024-19796 · Cybozu · Cybozu Kunai For Android

Name of the Vulnerable Software and Affected Versions: Cybozu KUNAI for Android versions 3.0.20 through 3.0.21 Description: The issue allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations. Recommendations: For versions 3.0.20 through...

7.5 CVSS | 7.3 AI score | 0.00754 EPSS
Exploits 0 | References 7