
113 matches found

RedhatCVE
added 2025/02/06 3:59 a.m. · 5 views

CVE-2021-39185

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null...

9.1 CVSS · 6.8 AI score · 0.00169 EPSS
Exploits 0 · References 1

CNNVD
added 2024/12/18 12:0 a.m. · 2 views

Misskey Security Vulnerability

Misskey is a permanently free open source federated social media platform from Misskey Open Source. A security vulnerability exists in Misskey version 2024.10.1 and earlier, which stems from an undetected proxy loop that allows a remote participant to perform a self-propagating...

7.4 CVSS · 6.6 AI score · 0.00195 EPSS
Exploits 0 · References 1

OSV
added 2024/10/01 3:15 p.m. · 0 views

UBUNTU-CVE-2021-37577

Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key...

6.8 CVSS · 5.8 AI score · 0.00049 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/10/01 12:0 a.m. · 2 views

PT-2024-10983 · Unknown · Bluetooth Core Specification

Name of the Vulnerable Software and Affected Versions: Bluetooth Core Specifications versions 2.1 through 5.3 Description: The issue concerns Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol. It may allow an unauthenticated...

6.8 CVSS · 6.6 AI score · 0.00049 EPSS
Exploits 0 · References 10

Packet Storm
added 2024/08/31 12:0 a.m. · 224 views

Chargen Probe Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chargen Probe Utility', 'Description' = %q Chargen is a debugging and measurement tool and a character generator service. A character generator...

7 AI score · 0.45804 EPSS
Exploits 2

CNVD
added 2023/12/04 12:0 a.m. · 7 views

Schweitzer Engineering Laboratories SEL-411L Input Validation Error Vulnerability

The Schweitzer Engineering Laboratories SEL-411L is a state-of-the-art line differential protection, automation and control system from Schweitzer Engineering Laboratories, USA. An input validation error vulnerability exists in the Schweitzer Engineering Laboratories SEL-411L, which can be...

5.4 CVSS · 6.6 AI score · 0.00246 EPSS
Exploits 0 · References 1

CNNVD
added 2023/11/30 12:0 a.m. · 1 views

Schweitzer Engineering Laboratories SEL-411L Security Vulnerability

The Schweitzer Engineering Laboratories SEL-411L is a state-of-the-art line differential protection, automation and control system from Schweitzer Engineering Laboratories, USA. An input validation error vulnerability exists in the Schweitzer Engineering Laboratories SEL-411L, which can be...

5.4 CVSS · 6.7 AI score · 0.00246 EPSS
Exploits 0 · References 1

The Hacker News
added 2023/04/25 1:26 p.m. · 2 views

New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks

Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive...

7.5 CVSS · 6.5 AI score · 0.92141 EPSS
Exploits 1

SUSE CVE
added 2023/02/15 4:22 a.m. · 1 views

SUSE CVE-2018-18541

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download...

7.5 CVSS · 7.7 AI score · 0.01877 EPSS
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 3:53 a.m. · 2 views

SUSE CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

4.2 CVSS · 7.1 AI score · 0.00034 EPSS
Exploits 0 · References 34

OpenVAS
added 2023/01/19 12:0 a.m. · 13 views

Plex Media Server < 1.21.3.4014 DoS Vulnerability

Plex Media Server is prone to a denial of service (DoS) vulnerability. Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

7.5 CVSS · 7.5 AI score · 0.05587 EPSS
Exploits 1 · References 1

OSV
added 2023/01/18 2:15 p.m. · 1 views

CVE-2021-33959

Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service...

7.5 CVSS · 5.8 AI score · 0.05587 EPSS
Exploits 1 · References 2

NVD
added 2023/01/18 2:15 p.m. · 15 views

CVE-2021-33959

Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service...

7.5 CVSS · 7.5 AI score · 0.05587 EPSS
Exploits 1 · References 2

Prion
added 2023/01/18 2:15 p.m. · 18 views

Design/Logic Flaw

Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service...

5 CVSS · 7.5 AI score · 0.05587 EPSS
Exploits 1 · References 2 · Affected Software 1

CVE
added 2023/01/18 12:0 a.m. · 658 views

CVE-2021-33959

Summary: Multiple sources report a DoS/reflection vulnerability in Plex Media Server affecting version 1.21 and earlier (with OpenVAS citing <1.21.3.4014). The Red Hat and CNNVD entries align on “Plex media server … ddos reflection attack via plex service.” The issue is described as an access-...

7.5 CVSS · 7.5 AI score · 0.05587 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2023/01/18 12:0 a.m. · 5 views

CVE-2021-33959

Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service...

7.7 AI score · 0.05587 EPSS
Exploits 1 · References 2

The Hacker News
added 2023/01/10 1:59 p.m. · 42 views

Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App

A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat...

0.5 AI score
Exploits 0

UbuntuCve
added 2022/09/14 11:15 a.m. · 30 views

CVE-2022-40626

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...

6.1 CVSS · 6.4 AI score · 0.01866 EPSS
Exploits 0 · References 3

Microsoft Secure
added 2022/05/23 6:0 p.m. · 19 views

Anatomy of a DDoS amplification attack

Amplification attacks are one of the most common distributed denial of service (DDoS) attack vectors. These attacks are typically categorized as flooding or volumetric attacks, where the attacker succeeds in generating more traffic than the target can process, resulting in exhausting its resources...

0.5 AI score
Exploits 0

RedhatCVE
added 2022/05/20 11:22 p.m. · 14 views

CVE-2018-18541

In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download...

7.5 CVSS · 3.6 AI score · 0.01877 EPSS
Exploits 0 · References 1