Tag: dos

Sicherheitslücken: Gitlab-Entwickler raten zu zügigem Update

Feb 13, 2025 2:48 PM

Tags: dos, gitlab, update

Gitlab ist unter anderem für DoS-Attacken anfällig. Außerdem können vertrauliche Informationen leaken. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsluecken-Gitlab-Entwickler-raten-zu-zuegigem-Update-10281262.html
Fortinet’s FortiOS Vulnerabilities Allow Attackers Trigger RCE and Launch DoS Attack

Feb 12, 2025 11:55 AM

Tags: attack, cve, cyber, dos, firewall, flaw, fortinet, rce, remote-code-execution, service, vpn, vulnerability

Fortinet’s FortiOS, the operating system powering its VPN and firewall appliances, has been found vulnerable to multiple security flaws that could allow attackers to execute remote code (RCE) and launch denial-of-service (DoS) attacks. These vulnerabilities, disclosed by Akamai researcher Ben Barnea, were assigned CVE-2024-46666 and CVE-2024-46668. Fortinet released patches on January 14, 2025, to mitigate…
Rogue-DHCP-Server, DHCP-Spoofing und DoS-Angriffe verhindern – DHCP-Schwachstellen erkennen

Feb 10, 2025 12:37 PM

Tags: cyberattack, dos, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/-schutz-vor-dhcp-spoofing-und-rogue-dhcp-server-angriffen-a-5188be477bcc4cbbd16f538ce6f3ddcd/
Defekter Sicherheitspatch für HCL BigFix Server Automation repariert

Feb 7, 2025 10:06 AM

Tags: automation, dos

Angreifer können HCL BigFix per DoS-Attacke abschießen. Ein überarbeitetes Sicherheitsupdate soll das Problem nun lösen. First seen on heise.de Jump to article: www.heise.de/news/Defekter-Sicherheitspatch-fuer-HCL-BigFix-Server-Automation-repariert-10273805.html
F5 BIG-IP SNMP Flaw Allows Attackers to Launch DoS Attacks

Feb 6, 2025 12:05 PM

Tags: attack, control, cyber, cybersecurity, dos, exploit, flaw, service, vulnerability

A recently disclosed vulnerability in F5’s BIG-IP systems has raised alarm within the cybersecurity community. The flaw, designated CVE-2025-21091, enables remote attackers to exploit SNMP configuration issues, potentially leading to Denial-of-Service (DoS) attacks on affected systems. This vulnerability, which carries aCVSS v4.0 score of 8.7 (High), impacts the control plane of BIG-IP systems. F5 has issued a security…
Cisco IOS SNMP Vulnerabilities Allow Attackers to Launch DoS Attacks<<

Feb 6, 2025 11:06 AM

Tags: advisory, cisco, cyber, dos, flaw, network, service, vulnerability

Cisco has disclosed multiple vulnerabilities in its Simple Network Management Protocol (SNMP) subsystem affecting Cisco IOS, IOS XE, and IOS XR software. These flaws, identified as high-severity, could allow an authenticated remote attacker to trigger Denial-of-Service (DoS) conditions, disrupting network operations. Key Details According to the Cisco Security Advisory ID: cisco-sa-snmp-dos-sdxnSUcW, the vulnerabilities stem from improper…
MobSF Framework Zero-Day Vulnerability Allows Attackers to Trigger DoS in Scan Results

Feb 6, 2025 9:06 AM

Tags: cyber, cybersecurity, dos, framework, github, mobile, service, vulnerability, zero-day

A recently discovered zero-day vulnerability in the Mobile Security Framework (MobSF) has raised alarms in the cybersecurity community. The vulnerability, which allows attackers to cause a partial Denial of Service (DoS) on scan results and the iOS Dynamic Analyzer functionality, was disclosed on GitHub yesterday by Ajin Abraham, under the advisory GHSA-jrm8-xgf3-fwqr. Technical Overview The vulnerability,…
Cisco patches antivirus decommissioning bug as exploit code surfaces

Jan 23, 2025 1:22 PM

Tags: advisory, antivirus, cisco, cve, docker, dos, email, endpoint, exploit, flaw, github, google, linux, malware, open-source, service, software, threat, update, vulnerability, windows

Cisco has patched a denial-of-service (DoS) vulnerability affecting its open-source antivirus software toolkit, ClamAV, which already has a proof-of-concept (PoC) exploit code available to the public.Identified as CVE-2025-20128, the vulnerability stems from a heap-based buffer overflow in the Object Linking and Embedding 2 (OLE2) decryption routine, enabling unauthenticated remote attackers to cause a DoS condition…
Cisco Patches Critical Vulnerability in Meeting Management

Jan 23, 2025 1:22 PM

Tags: cisco, dos, exploit, flaw, vulnerability

Cisco has released patches for three vulnerabilities, including a critical privilege escalation bug and a DoS flaw for which exploit code exists. The post Cisco Patches Critical Vulnerability in Meeting Management appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisco-patches-critical-vulnerability-in-meeting-management/
Apache CXF Vulnerability Triggers DoS Attack

Jan 21, 2025 12:22 PM

Tags: apache, attack, cve, cyber, dos, framework, risk, service, vulnerability

Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely-used framework for building web services. This issue, documented as CVE-2025-23184, poses a significant risk as it can lead to a Denial of Service (DoS) attack due to improper handling of temporary files. The vulnerability has been confirmed in specific versions…
CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild

Jan 15, 2025 5:02 AM

Tags: access, advisory, apt, attack, authentication, cloud, control, cve, data-breach, dos, exploit, firewall, flaw, fortinet, service, threat, update, vpn, vulnerability, zero-day

Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024. Background On January 14, Fortinet released a security advisory (FG-IR-24-535) addressing a critical severity vulnerability impacting FortiOS and FortiProxy. CVE Description CVSSv3 CVE-2024-55591 FortiOS and FortiProxy Authentication Bypass Vulnerability…
DEF CON 32 Practical Exploitation of DoS in Bug Bounty

Jan 11, 2025 11:42 AM

Tags: bug-bounty, conference, dos, exploit

Author/Presenter: Roni Lupin Carta Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/def-con-32-practical-exploitation-of-dos-in-bug-bounty/
Palo Alto Networks patches DoS bug in PAN-OS software

Dec 27, 2024 9:43 PM

Tags: dos, network, software

First seen on scworld.com Jump to article: www.scworld.com/news/palo-alto-networks-patches-dos-bug-in-pan-os-software
Hackers exploit DoS flaw to disable Palo Alto Networks firewalls

Dec 27, 2024 6:44 PM

Tags: cve, dos, exploit, firewall, flaw, hacker, network, service, vulnerability

Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-dos-flaw-to-disable-palo-alto-networks-firewalls/
Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

Dec 27, 2024 6:44 PM

Tags: attack, cve, cyber, dns, dos, exploit, firewall, flaw, mitigation, network, risk, service, vulnerability

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto Networks’ PAN-OS software. This flaw allows unauthenticated attackers to exploit firewalls through specially crafted packets, causing denial-of-service (DoS) conditions. The issue has been actively exploited, prompting urgent mitigation measures. Details of the Vulnerability The vulnerability stems from improper handling of…
Palo Alto Releases Patch for PAN-OS DoS Flaw, Update Immediately

Dec 27, 2024 9:43 AM

Tags: access, cve, dos, flaw, network, service, software, update, vulnerability

Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices.The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS First…
SvarDOS: DR-DOS is reborn as an open source operating system

Dec 24, 2024 11:42 AM

Tags: dos, network, open-source

A #DOScember surprise: fits on a single floppy, but has a network-capable package manager First seen on theregister.com Jump to article: www.theregister.com/2024/12/23/svardos_drdos_reborn/
Die 10 häufigsten LLM-Schwachstellen

Dec 19, 2024 6:42 AM

Tags: access, ai, api, application-security, awareness, breach, cloud, control, cyberattack, data, detection, dos, encryption, injection, least-privilege, LLM, ml, monitoring, privacy, RedTeam, remote-code-execution, risk, service, tool, update, vulnerability, zero-trust
DoS attacks, data compromise threaten over 330K Prometheus instances

Dec 14, 2024 10:07 PM

Tags: attack, data, dos

First seen on scworld.com Jump to article: www.scworld.com/brief/dos-attacks-data-compromise-threaten-over-330k-prometheus-instances
Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

Dec 14, 2024 3:05 PM

Tags: attack, breach, cyber, data, data-breach, dos, endpoint, exploit, Internet, malicious, risk, threat, unauthorized, vulnerability

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks from pprof endpoints, and potential code execution threats, which could lead to data breaches, system outages, and unauthorized access. Vulnerable Prometheus servers are exposed to internet risk exploitation by attackers, which includes a critical >>RepoJacking
336K Prometheus Instances Exposed to DoS, ‘Repojacking’

Dec 13, 2024 9:05 AM

Tags: api, data-breach, dos, open-source, password

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/336k-prometheus-instances-exposed-dos-repojacking
Atlassian schützt Confluence & Co. vor möglichen DoS-Attacken

Dec 12, 2024 10:05 AM

Tags: dos

Mehrere Sicherheitslücken in diversen Anwendungen von Atlassian gefährden Systeme. First seen on heise.de Jump to article: www.heise.de/news/Atlassian-schuetzt-Confluence-Co-vor-moeglichen-DoS-Attacken-10196643.html
Django Security Update, Patch for DoS SQL Injection Vulnerability

Dec 6, 2024 10:48 AM

Tags: attack, cyber, dos, injection, oracle, risk, service, sql, update, vulnerability

The Django team has issued critical security updates for versions 5.1.4, 5.0.10, and 4.2.17. These updates address two vulnerabilities: a potential denial-of-service (DoS) attack in the strip_tags() method and a high-severity SQL injection risk in Oracle databases. All developers and system administrators using affected versions are strongly encouraged to update to the newly released versions to ensure…
DoS-Angriffe – Wireshark-Schwachstellen bringen Systeme zum Absturz

Dec 5, 2024 7:48 AM

Tags: cyberattack, dos, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/wireshark-update-sicherheitsluecke-netzwerkmonitoring-a-15eb7fb65a1f05a245d5403203f1f2dd/
Misconfigured WAFs Heighten DoS, Breach Risks

Dec 4, 2024 3:48 PM

Tags: breach, dos, firewall, network, risk, service, waf

Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/misconfigured-wafs-heighten-dos-breach-risks
HTTP/2 Flaw Puts Web Servers at Risk of DoS Attacks [CVE-2024-27983]

Dec 1, 2024 12:18 AM

Tags: attack, dos, flaw, risk, vulnerability

A new research conducted by security expert Bartek Nowotarski has unearthed a potential vulnerability in the HTTP/2 protocol. Known as the CONTINUATIO… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/http2-flaw-dos-attacks-cve-2024-27983/
DoS und Spoofing möglich – Kritische Schwachstellen in PHP gefährden Webseiten

Nov 29, 2024 3:30 PM

Tags: dos, update, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsupdates-php-entwickler-cve-2024-1874-a-8c4147f7ee335ada0705513bdb99a408/
Bitbucket, Confluence & Co.: Atlassian schließt DoS- und Schadcode-Lücken

Nov 21, 2024 11:53 AM

Tags: data, dos, exploit, service

Atlassians Entwickler haben Sicherheitslücken in Bamboo, Bitbucket, Confluence, Crowd Data, Jira, Jira Service Management und Sourcetree geschlossen. First seen on heise.de Jump to article: www.heise.de/news/Bitbucket-Confluence-Co-Atlassian-schliesst-DoS-und-Schadcode-Luecken-10082228.html
Windows 95 setup was three programs in a trench coat, Microsoft vet reveals

Nov 20, 2024 5:53 AM

Tags: dos, microsoft, windows

MS-DOS, a minimal Windows 3.1, and finally the teal delight of Windows 95 awaited installers First seen on theregister.com Jump to article: www.theregister.com/2024/11/19/chen_windows_95_setup/
Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

Nov 14, 2024 11:51 AM

Tags: ai, cybersecurity, dos, exploit, flaw, framework, intelligence, theft

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a maliciou… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/critical-flaws-in-ollama-ai-framework.html