Lucene search
K

114 matches found

OSV
OSV
added 2021/05/25 5:15 p.m.17 views

CVE-2021-23937

A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to...

7.5CVSS6.9AI score
Exploits0References4
Prion
Prion
added 2021/05/25 5:15 p.m.21 views

Design/Logic Flaw

A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to...

5CVSS7.5AI score0.0426EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/05/25 8:5 a.m.25 views

CVE-2021-23937 DNS proxy and possible amplification attack

A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to...

7.7AI score0.0426EPSS
Exploits0References4
Malwarebytes
Malwarebytes
added 2021/04/15 5:17 p.m.56 views

“Huge upsurge” in DDoS attacks during pandemic

Researchers at Netscout have released a report analyzing the malicious internet traffic of 2020 and comparing it to the years before. Some of the results were as expected: Brute-forcing credentials and more targeting towards internet-connected devices were foreseeable and have been discussed at...

Exploits0
The Hacker News
The Hacker News
added 2021/02/06 7:28 a.m.7 views

Cybercriminals Now Using Plex Media Servers to Amplify DDoS Attacks

A new distributed denial-of-service attack DDoS vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline. "Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it ca...

6AI score
Exploits0
Cloud Foundry
Cloud Foundry
added 2020/06/24 12:0 a.m.45 views

USN-4374-1: Unbound vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Unbound incorrectly handled certain queries. A remote attacker could use this issue to perform an amplification attack directed at a target...

7.5CVSS7.8AI score0.03588EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/05/28 12:0 a.m.42 views

Ubuntu 18.04 LTS / 20.04 LTS : Unbound vulnerabilities (USN-4374-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4374-1 advisory. Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Unbound incorrectly handled certain queries. A remote attacker could use this...

7.5CVSS6.8AI score0.03588EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/05/28 12:0 a.m.33 views

Ubuntu: Security Advisory (USN-4374-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.03588EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2020/05/27 3:19 p.m.121 views

USN-4374-1: Unbound vulnerabilities

Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Unbound incorrectly handled certain queries. A remote attacker could use this issue to perform an amplification attack directed at a target. CVE-2020-12662 It was discovered that Unbound incorrectly handled certain malformed answers....

7.5CVSS6.8AI score0.03588EPSS
Exploits0
NCSC
NCSC
added 2020/05/20 12:0 a.m.2 views

Vulnerabilities fixed in BIND

BIND has fixed several vulnerabilities that could allow a malicious potentially capable of causing a denial-of-service DoS cause. A DoS attack exploiting the vulnerability with attribute CVE-2020-8617, targets DNS clients. The vulnerability with attribute CVE-2020-8616 involves a new method for...

8.6CVSS6.7AI score0.93422EPSS
Exploits6
OSV
OSV
added 2020/05/19 5:15 p.m.37 views

CVE-2020-10995

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted rep...

7.5CVSS7.4AI score
Exploits0References6
OSV
OSV
added 2020/05/19 5:15 p.m.1 views

DEBIAN-CVE-2020-10995

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted rep...

7.5CVSS8.2AI score0.04372EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/05/19 4:4 p.m.45 views

CVE-2020-10995

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted rep...

7.5CVSS7.5AI score0.04372EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/05/19 4:4 p.m.51 views

CVE-2020-10995

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted rep...

7.5CVSS7.5AI score0.04372EPSS
Exploits0
OSV
OSV
added 2020/05/19 12:0 p.m.3 views

UBUNTU-CVE-2020-10995

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted rep...

7.5CVSS7.2AI score0.04372EPSS
Exploits0References3
Wired Threat Level
Wired Threat Level
added 2020/05/19 10:0 a.m.34 views

Web Giants Scrambled to Head Off a Dangerous DDoS Technique

Firms like Google and Cloudflare raced to prevent an amplification attack that threatened to take down large portions of the internet with just a few hundred devices...

1.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/10/02 1:59 a.m.3 views

FON routers may behave as an open resolver

Overview FON routers contain an issue where they may behave as open resolvers. A device that behaves as a DNS resolver for recursive DNS queries from anyone on the internet is called "Open Resolver". FON routers contain an issue where they may behave as open resolvers. Hideyoshi Okazaki of ARTERI...

7.8CVSS6.6AI score0.01608EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/09/23 12:0 a.m.12 views

Fedora 29 : nbdkit (2019-ee52ef0cdc)

New upstream version 1.12.7. Fixes Denial of Service / Amplication Attack: https://www.redhat.com/archives/libguestfs/2019-September/msg00084.htm l Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempte...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/09/20 12:0 a.m.19 views

Fedora 30 : nbdkit (2019-867f0858e6)

New upstream version 1.12.7. Fixes Denial of Service / Amplication Attack: https://www.redhat.com/archives/libguestfs/2019-September/msg00084.htm l Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempte...

5.5AI score
Exploits0References2
CNVD
CNVD
added 2018/12/25 12:0 a.m.6 views

Epson WorkForce WF-2861 Denial of Service Vulnerability (CNVD-2019-43855)

The Epson WorkForce WF-2861 is a Wi-Fi duplex MFP inkjet printer. An amplification attack vulnerability exists in the Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6, 10.52.LQ17IA. The vulnerability stems from the device using SNMP to look up certain devices on the network. An attacker could...

5.9CVSS6.8AI score0.00906EPSS
Exploits1References1
Rows per page
Query Builder