Experts disclosed details of two security flaws in the open-source software ImageMagick that could potentially lead to information disclosure or trigger a DoS condition. Researchers at Metabase Q discovered a couple of security vulnerabilities in the open-source image manipulation software ImageMagick that could potentially lead to information disclosure or trigger a Denial of Service (DoS) condition (CVE-2022-44268, CVE-2022-44267). ImageMagick is […]
Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028Â (CVSS score of 8.6), in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service (DoS) attacks. The vendor has learned that firewalls from multiple vendors are abused to […]
OpenSSL addressed a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, related to certificate parsing. OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, that affects the BN_mod_sqrt() function used when certificate parsing. The flaw was discovered by the popular Google Project Zero researchers Tavis Ormandy. An attacker can trigger the vulnerability by crafting […]
Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted emails. Cisco ESA products are affected by a DoS vulnerability, tracked as CVE-2022-20653, that resides in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA. A remote, unauthenticated attacker […]
Expert found a new persistent DoS vulnerability, dubbed ‘doorLock,’ affecting the Apple HomeKit in iOS 14.7 through 15.2. Security researchers Trevor Spiniolas discovered a new persistent DoS vulnerability, dubbed ‘doorLock,’ affecting the Apple HomeKit in iOS 14.7 through 15.2. HomeKit is a software framework by Apple, made available in iOS/iPadOS that lets users configure, communicate […]
Researchers disclosed four vulnerabilities in the Teams business communication software, but Microsoft will not address three of them. Researchers from cybersecurity firm Positive Security discovered four vulnerabilities in the Teams business communication software that could allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address, and triggering a […]
CISA has released six advisories to warn organizations about security vulnerabilities affecting Hitachi Energy products The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published six advisories to inform organizations about the availability of security patches and notifications for vulnerabilities impacting Hitachi Energy products. CISAâs advisories are related to RTU500 series bidirectional communication interface, Relion protection and control […]
A vulnerability in Oracle VM VirtualBox could be potentially exploited to compromise the hypervisor and trigger a denial-of-service (DoS) condition. A vulnerability in Oracle VM VirtualBox, tracked as CVE-2021-2442, could be potentially exploited to compromise the hypervisor and trigger a DoS condition. The vulnerability was discovered by Max Van Amerongen from SentinelLabs, it received a CVSS […]
Citrix addressed two vulnerabilities affecting Citrix ADC, Gateway, and SD-WAN, one of them is a critical issue leading to DoS. Citrix has released security updates to address two vulnerabilities in ADC, Gateway, and SD-WAN, including a critical flaw, tracked as CVE-2021-22955, that can be exploited to trigger a denial of service (DoS) condition. The CVE-2021-22955 […]
The Internet Systems Consortium (ISC) addressed a high-severity denial-of-service (DoS) flaw (CVE-2021-25218) affecting the BIND DNS software. The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2021-25218, that affects its BIND DNS software. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of […]