CVE-2020-8616

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral...

CVE-2020-8616

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral...

USN-4365-1 bind9 vulnerabilities

Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. CVE-2020-8616 Tobias...

USN-4365-1: Bind vulnerabilities

Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. CVE-2020-8616 Tobias...

PT-2020-3611

Name of the Vulnerable Software and Affected Versions BIND versions prior to the fixed version Windows DNS Server affected versions not specified PowerDNS Recursor affected versions not specified Description The issue is related to a lack of effective limitation on the number of fetches performed...

UBUNTU-CVE-2020-8616

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral...

CVE-2020-8616

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral...

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

jenkins: UDP multicast/broadcast service amplification reflection attack

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848...

Jenkins < 2.219, < 2.204.2 LTS Multiple Vulnerabilities - Linux

Jenkins is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

FreeBSD : jenkins -- multiple vulnerabilities (a250539d-d1d4-4591-afd3-c8bdfac335d8)

Jenkins Security Advisory : DescriptionHigh SECURITY-1682 / CVE-2020-2099 Inbound TCP Agent Protocol/3 authentication bypass Medium SECURITY-1641 / CVE-2020-2100 Jenkins vulnerable to UDP amplification reflection attack Medium SECURITY-1659 / CVE-2020-2101 Non-constant time comparison of inbound...

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-1682 / CVE-2020-2099 Inbound TCP Agent Protocol/3 authentication bypass Medium SECURITY-1641 / CVE-2020-2100 Jenkins vulnerable to UDP amplification reflection attack Medium SECURITY-1659 / CVE-2020-2101 Non-constant time comparison of inbound...

Security update for teeworlds (moderate)

openSUSE Security Update: Security update for teeworlds Announcement ID: openSUSE-SU-2019:1999-1 Rating: moderate References: 1112910 1131729 Cross-References: CVE-2018-18541 CVE-2019-10877 CVE-2019-10878 CVE-2019-10879 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes four...

Debian DLA-1867-1 : wpa security update

Several vulnerabilities were discovered in WPA supplicant / hostapd. Some of them could only partially be mitigated, please read below for details. CVE-2019-9495 Cache-based side-channel attack against the EAP-pwd implementation: an attacker able to run unprivileged code on the target machine...

Microsoft Windows 10.0.17134.648 - HTTP - SMB NTLM Reflection Leads to Privilege Elevation

Microsoft Windows 10.0.17134.648 - HTTP - SMB NTLM Reflection Leads to Privilege Elevation VULNERABILITY DETAILS It's possible to use the NTLM reflection attack to escape a browser sandbox in the case where the sandboxed process is allowed to create TCP sockets. In particular, I was able to combi...

freeradius: eap-pwd: fake authentication using reflection

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

freeradius: eap-pwd: fake authentication using reflection

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

USN-3944-1: wpa_supplicant and hostapd vulnerabilities

It was discovered that wpasupplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. CVE-2019-9495 Mathy Vanhoef discovered that wpasupplicant and hostapd incorrectly validated received scalar and...

USN-3944-1 wpa vulnerabilities

It was discovered that wpasupplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. CVE-2019-9495 Mathy Vanhoef discovered that wpasupplicant and hostapd incorrectly validated received scalar and...