Lucene search
K

114 matches found

NVD
NVD
added 2023/02/21 2:15 a.m.26 views

CVE-2023-26249

Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response...

7.5CVSS7.4AI score0.00708EPSS
Exploits0References1
Prion
Prion
added 2023/02/21 2:15 a.m.19 views

Code injection

Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response...

5CVSS7.4AI score0.00708EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/02/21 2:15 a.m.3 views

UBUNTU-CVE-2023-26249

Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response...

7.5CVSS7.1AI score0.00708EPSS
Exploits0References3
CVE
CVE
added 2023/02/21 12:0 a.m.51 views

CVE-2023-26249

Knot Resolver is affected by a DoS vulnerability (CVE-2023-26249) in versions prior to 5.6.0. The issue arises from insufficient input validation in the DNS translator, allowing a single client query to trigger many TCP reconnections (up to about a hundred attempts) when upstream servers close wi...

7.5CVSS7.3AI score0.00708EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/02/21 12:0 a.m.9 views

CVE-2023-26249

Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response...

7.5CVSS7.4AI score0.00708EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.2 views

SUSE CVE-2020-10995

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted rep...

7.5CVSS8.5AI score0.04372EPSS
Exploits0References4
NVD
NVD
added 2022/11/17 5:15 a.m.21 views

CVE-2022-42982

BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long tens of kBs and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks...

7.5CVSS0.00661EPSS
Exploits0References2
Veracode
Veracode
added 2022/07/11 6:4 p.m.13 views

Denial Of Service

Scandium is vulnerable to Denial of Serivice. The DTLS stack is not implemented correctly, leading to an amplification attack using resumption handshakes...

7.5CVSS7.3AI score0.00517EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2022/07/06 8:15 p.m.23 views

CVE-2021-4234

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack...

7.5CVSS0.0083EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/06 8:15 p.m.7 views

CVE-2021-4234

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack...

7.5CVSS7.2AI score0.0083EPSS
Exploits0References2
OSV
OSV
added 2022/07/06 8:15 p.m.3 views

CVE-2021-4234

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack...

7.5CVSS5.8AI score0.0083EPSS
Exploits0References1
Prion
Prion
added 2022/07/06 8:15 p.m.12 views

Design/Logic Flaw

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack...

5CVSS7.5AI score0.0083EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/07/06 7:10 p.m.21 views

CVE-2021-4234

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack...

7.7AI score0.0083EPSS
Exploits0References1
CVE
CVE
added 2022/07/06 7:10 p.m.76 views

CVE-2021-4234

OpenVPN Access Server 2.10 and earlier are affected by a vulnerability where the server resends multiple packets in response to a client-sent reset, which the client does not respond to, enabling a limited amplification attack. The issue is documented in CVE-2021-4234 with a HIGH impact on availa...

7.5CVSS7.4AI score0.0083EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/07/06 12:0 a.m.3 views

OpenVPN 安全漏洞

OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks VPNs from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...

7.5CVSS7.3AI score0.0083EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2022/06/15 3:25 p.m.17 views

Record breaking HTTPS DDoS attack

Last week, Cloudflare blocked the largest HTTPS DDoS attack on record. The attack amassed some 26 million requests per second rps. The previous record for a HTTPS DDoS attack was 15.3 million rps. The attack targeted an unnamed Cloudflare customer and originated mostly from Cloud Service Provider...

0.4AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/06/14 12:9 a.m.15 views

“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service DDoS attacks against hundreds of thousands of Internet users and websites. The user...

1.1AI score
Exploits0
OSV
OSV
added 2022/05/24 5:7 p.m.1 views

GHSA-GPXV-776P-7GC7 Jenkins vulnerable to UDP amplification reflection attack

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier supports two network discovery services UDP multicast/broadcast and DNS multicast by default. The UDP multicast/broadcast service can be used in an amplification reflection attack, as very few bytes sent to the respective endpoint result in much...

5.8CVSS5.9AI score0.03443EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.17 views

Mageia: Security Advisory (MGASA-2014-0052)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.03801EPSS
Exploits0References4
NVD
NVD
added 2021/05/25 5:15 p.m.37 views

CVE-2021-23937

A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to...

7.5CVSS0.0426EPSS
Exploits0References4
Rows per page
Query Builder