The vulnerability of the Windows Mobile Broadband Driver for Windows operating systems allows a hacker to induce a service failure.

The vulnerability of the Windows Mobile Broadband Driver for Windows operating systems is related to the execution of operations beyond the buffer in memory due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...

kernel: vsock: remove vsock from connected table when connect is interrupted by a signal

A vulnerability was found in the Linux kernel's vsock subsystem's vsockstreamconnect function where improper handling of the socket state can lead to the connected table's list being corrupted. This occurs when a signal interrupt occurs and resets the socket's state without removing it from the...

The vulnerability of the gnutls_pkcs7_verify function in the pkcs7 component of the GnuTLS library allows a attacker to cause a service failure.

The vulnerability of the gnutlspkcs7verify function in the pkcs7 component of the GnuTLS library is related to the reallocation of memory. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

The vulnerability of the StrongSwan client’s revocation VPN plugin, related to uncontrolled resource consumption, allows a violator to trigger a service failure.

The vulnerability of the StrongSwan client’s revocation VPN plugin is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause service interruptions...

Prototype Pollution

@backstage/plugin-catalog-backend is vulnerable to Prototype Pollution. The vulnerability is caused due to improper user input sanitization in the catalog API, which allows an attacker to interrupt the service using a specially crafted query...

The vulnerability of the web servers of the microprogramming software for communication modules of SIMATIC CP, SIPLUS ET, and SIPLUS NET CP allows a perpetrator to cause service interruptions.

The vulnerability of the web servers of microprogramming software for communication modules of SIMATIC CP, SIPLUS ET, and SIPLUS NET CP is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of the Networking component of Windows operating systems, which allows a hacker to trigger a service failure

The vulnerability of the Networking component of Windows operating systems exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVE-2024-45815

A flaw was found in the backstage/plugin-catalog-backend package. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. Mitigation Mitigation for this issue...

GHSA-3X3F-JCP3-G22J @backstage/plugin-catalog-backend Prototype Pollution vulnerability

Impact A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. Patches This has been fixed in the 1.26.0 release of the @backstage/plugin-catalog-backend...

CVE-2024-45815 Prototype pollution in @backstage/plugin-catalog-backend

Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the 1.26.0 relea...

CVE-2024-45815 Prototype pollution in @backstage/plugin-catalog-backend

Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the 1.26.0 relea...

The vulnerability in the `color.c` component of the `sycc420_to_rgb` function in the OpenJPEG library, related to buffer overflows, allows attackers to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the color.c component in the sycc420torgb function of the OpenJPEG library, which is used for image encoding and decoding, relates to writing beyond the buffer boundaries. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its...

The vulnerability of the LibGD graphics library, related to reading beyond the allowed buffer data limits, allows attackers to cause service interruptions.

The vulnerability of the LibGD graphics library is related to reading data beyond the acceptable buffer limit. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

Vulnerability of the amdgpu_vm_bo_update function in the drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c file of the Linux kernel, related to pointer dereferencing errors, allowing attackers to cause service failures

The vulnerability of the amdgpuvmboupdate function in the drivers/gpu/drm/amd/amdgpu/amdgpuvm.c file of the Linux kernel is related to pointer arithmetic errors. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

K000141041: GnuTLS vulnerabilities CVE-2024-28834 and CVE-2024-28835

Security Advisory Description CVE-2024-28834 A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag...

freewvs's nested directory structure can interrupt scan

Impact A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk. This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. Patches This has been fixed in this commit by limitin...

Rockwell Automation Micro850/870 Denial of Service Vulnerability

Rockwell Automation Micro850/870 is a programmable logic controller from Rockwell Automation. A denial of service vulnerability exists in Rockwell Automation Micro850/870 v20.011, which can be exploited by an attacker to cause CIP/Modbus communication to be interrupted for a short period of time...

The vulnerability affects the .NET development platform used by Microsoft Visual Studio, allowing attackers to trigger a service failure.

The vulnerability of the .NET development platform used by Microsoft Visual Studio is related to the transmission of credentials in an unencrypted form. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVE-2022-48898 drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: do not complete dpauxcmdfifotx if irq is not for aux transfer There are 3 possible interrupt sources are handled by DP controller, HPDstatus, Controller state changes and Aux read/write transaction. At every irq, DP...

The vulnerability of the PAN-OS operating system in the centralized network switch management system of Palo Alto Networks Panorama allows a attacker to trigger a service failure.

The vulnerability of the PAN-OS operating system in the Palo Alto Networks Panorama network switch management system is related to the ability to download unlimited files of a malicious nature. Exploiting this vulnerability allows a malicious actor to cause service interruptions by downloading...