Lucene search
K

284 matches found

Prion
Prion
added 2023/03/24 11:15 p.m.14 views

Design/Logic Flaw

DISPUTED ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer not the transport layer and "Certificates are exchanged in a controlled fashion between...

7.5CVSS9.3AI score0.00465EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/24 12:0 a.m.6 views

PT-2023-14715

Name of the Vulnerable Software and Affected Versions ComponentSpace.Saml2 version 4.4.0 Description The issue concerns missing SSL certificate validation at the application layer. According to the vendor, this is not considered a vulnerability because certificates are exchanged between trusted...

9.8CVSS7.1AI score0.00465EPSS
Exploits0References7
Amazon
Amazon
added 2023/03/22 12:0 a.m.18 views

Medium: sendmail

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

7.4CVSS8AI score0.02037EPSS
Exploits0
CNVD
CNVD
added 2023/03/01 12:0 a.m.24 views

Fortinet FortiWeb Buffer Overflow Vulnerability (CNVD-2023-18294)

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A buffer overflow vulnerability exists that...

7.2CVSS7.6AI score0.00941EPSS
Exploits0References1
CNVD
CNVD
added 2023/02/27 12:0 a.m.20 views

Fortinet FortiWeb has an unspecified vulnerability (CNVD-2023-18296)

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists that could b...

7CVSS4.7AI score0.00163EPSS
Exploits0References1
Imperva Blog
Imperva Blog
added 2023/02/21 6:10 p.m.24 views

Imperva releases its Global DDoS Threat Landscape Report 2023

The 2023 Imperva Global DDoS Threat Landscape Report reviews DDoS attack activity throughout 2022, provides insights into the year’s most noteworthy DDoS events, and offers recommendations for the year ahead. While the report focuses mainly on research data from the application and network DDoS...

1.1AI score
Exploits0
CNVD
CNVD
added 2023/02/20 12:0 a.m.19 views

Fortinet FortiWeb Resource Management Error Vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A resource management error vulnerability...

7.8CVSS7.8AI score0.00201EPSS
Exploits0References1
CNVD
CNVD
added 2023/02/20 12:0 a.m.20 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2023-18299)

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists...

6.1CVSS6.1AI score0.00668EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2023/02/17 4:26 p.m.51 views

K000132639: ALPACA: TLS vulnerability CVE-2021-3618

Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.6 views

Juniper Networks Junos OS 安全漏洞

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS has a security vulnerability that stems from an incorrect locking vulnerability in...

7.5CVSS7.4AI score0.00467EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/01/03 12:0 a.m.6 views

The vulnerability of the SIP Application Layer Gateway (ALG) on Juniper Networks’ Junos operating systems allows a attacker to trigger a system failure and restart the device.

The vulnerability of the SIP Application Layer Gateway ALG on Juniper Networks Junos operating systems is related to the use of an uninitialized pointer in the stack. Exploiting this vulnerability can allow a malicious actor to trigger a system failure and restart the device remotely...

7.8CVSS7.1AI score0.00616EPSS
Exploits0References2Affected Software1
Imperva Blog
Imperva Blog
added 2022/11/30 9:0 a.m.16 views

The Global DDoS Threat Landscape – November 2022

Every month in this space, we will post the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks continue to pose a significant risk to businesses, it is critical that we regularly communicate our Threat Research team’s findings to help the cybersecurit...

0.6AI score
Exploits0
NVD
NVD
added 2022/10/18 3:15 a.m.12 views

CVE-2022-22236

An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. When specific valid SIP packets are received the PFE will crash and...

7.5CVSS0.00616EPSS
Exploits0References1
CVE
CVE
added 2022/10/18 2:46 a.m.59 views

CVE-2022-22236

The CVE-2022-22236 affects Juniper Junos OS on SRX/MX series, caused by an uninitialized pointer in the SIP Application Layer Gateway (ALG) that can crash the PFE and trigger DoS when specific SIP packets arrive. Affected versions include 20.4R3-S4 and earlier for 20.4, 21.1R3-S2 and earlier, 21....

7.5CVSS7.5AI score0.00616EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2022/10/14 7:14 a.m.45 views

Mirai Botnet Hits Wynncraft Minecraft Server with 2.5 Tbps DDoS Attack

Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service DDoS attack launched by a Mirai botnet. Characterizing it as a "multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/10/12 12:0 a.m.36 views

Juniper Junos OS Vulnerability (JSA69892)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69892 advisory. - An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated,...

7.5CVSS7.4AI score0.00616EPSS
Exploits0References2
Kitploit
Kitploit
added 2022/10/10 11:30 a.m.26 views

HSTP - Simple Hyper Service Transfer Protocol On Networks

The protocol aims to develop a application layer abstraction for the Hyper Service Transfer Protocol. HSTP is a recursion as nature of HSTP. This protocol implements itself as a interface. On every internet connected device, there is a HSTP instance. That's why the adoption is not needed. HSTP...

6.9AI score
Exploits0References9
Cisco
Cisco
added 2022/09/28 4:0 p.m.37 views

Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability

A vulnerability in the DNS application layer gateway ALG functionality that is used by Network Address Translation NAT in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an...

8.6CVSS8.4AI score0.00866EPSS
Exploits0References1
Imperva Blog
Imperva Blog
added 2022/09/15 1:42 p.m.15 views

The Global DDoS Threat Landscape – September 2022

Every month in this space, we will post the State of the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks become more frequent, varied, and sophisticated, it is critical that we regularly communicate the Imperva Threat Research team’s findings and...

1.6AI score
Exploits0
Akamai Blog
Akamai Blog
added 2022/09/08 1:0 p.m.17 views

DDoS in Financial Services: What to Know and What to Do

Akamai explores trends of recent application-layer DDoS attacks across the Financial Services industry...

3.5AI score
Exploits0
Rows per page
Query Builder