EUVD-2025-204642

Cowrie versions prior to 2.9.0 contain a server-side request forgery SSRF vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no...

CVE-2024-51500 Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware

Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address 0xFFFFFFFF which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could cra...

Medium: cups-filters

Issue Overview: CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDRANY:631, causing it to trust any packet from any source,...

K000148279: CUPS vulnerability CVE-2024-47850

Security Advisory Description CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer bu...

SUSE CVE-2024-47850

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...

CVE-2024-47850

A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added. Mitigation See the security bulletin for a detailed...

CVE-2024-47850

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...

CVE-2024-47850

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...

DEBIAN-CVE-2024-47850

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...

UBUNTU-CVE-2024-47850

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...

CVE-2024-47850

CVE-2024-47850 affects CUPS with cups-browsed before 2.5b1, where a single IPP UDP printer-add request can trigger an HTTP POST to an arbitrary destination/port, enabling potential DDoS amplification. This is documented in connected Astra Linux advisories and linked advisories; patching via vendo...

CVE-2024-47850

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...

CVE-2024-47850

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...

CVE-2024-47850

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...

cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack

A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added...

Anatomy of a DDoS amplification attack

Amplification attacks are one of the most common distributed denial of service DDoS attack vectors. These attacks are typically categorized as flooding or volumetric attacks, where the attacker succeeds in generating more traffic than the target can process, resulting in exhausting its resources...

The “PhoneHome” DDoS Attack — Everything You Need to Know

A vulnerability in enterprise collaboration suite MiCollab by telecommunications company Mitel has been abused for distributed denial-of-service DDoS attacks with record-breaking amplification potential...

Exploit for Incorrect Default Permissions in Ui Unifi_Controller

This is a PoC exploit for CVE-2020-12695, a vulnerability in the CallStranger protocol. The exploit is implemented in Python and uses the upnpy library for UPnP communication. The script is designed to simulate data exfiltration, bypassing DLP Data Loss Prevention systems, and can also be used to...

Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2017-1023)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL MAIN 4.05 : ntp Multiple Vulnerabilities (NS-SA-2019-0114)

The remote NewStart CGSL host, running version MAIN 4.05, has ntp packages installed that are affected by multiple vulnerabilities: - It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A...