Security Bulletin: Netty HTTP/2 MadeYouReset Vulnerability Allows Bypass of Max Concurrent Streams, Enabling DDoS Attacks, affects watsonx.data

Summary Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max...

nodejs:18 security update

An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

EUVD-2020-29161

Malware in sbrugna...

EUVD-2010-2371

Malware in sbrugna...

EUVD-2022-32658

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-2058

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 8.0.22 and prior. Easily...

CVE-2022-28204

A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere⌖=Property%3AP31=1=1 can take more than thirty seconds. There is a DDoS risk...

CVE-2024-29153

A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem...

PT-2025-2366 · Apache · Apache Hive

Name of the Vulnerable Software and Affected Versions: Apache Hive versions prior to 4.0.0 Description: The issue arises from the use of Arrays.equals in LlapSignerImpl to compare message signatures, allowing an attacker to forge a valid signature for an arbitrary message byte by byte. This can...

CVE-2022-28204

A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk...

CVE-2022-28204

A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk...

CVE-2014-3648

The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached...

PT-2022-18873 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.37.x before 1.37.2 Description: A denial-of-service issue was discovered. The rendering of "w/index.php?title=Special:WhatLinksHere&target=Property:P31&namespace=1&invert=1" can take more than thirty seconds, posing a DDo...

UBUNTU-CVE-2020-14312

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option local-service is not...

Retrospective 2020: DDoS Risk Higher Than Ever

Never before has the risk of a distributed denial-of-service DDoS attack been higher. In 2020, we saw record-breaking attacks, a DDoS extortion campaign impacting thousands of organizations globally, more emergency customer turnups, and more Akamai customers attacked than any year on record -- an...

Multiple I-O DATA LAN routers vulnerable in UPnP functionality

Overview A wired LAN router NP-BBRS and a wireless LAN router WN-G54/R2 provided by I-O DATA DEVICE, INC. contain a vulnerability in the UPnP functionality. Impact The device may be used in a DDoS attack, as a SSDP reflector. Solution For NP-BBRS: Do not use NP-BBRS The developer has stated that...

Multiple broadband routers may behave as open resolvers

Overview Multiple broadband routers contain an issue where they may behave as open resolvers. A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Multiple broadband routers may contain an issue where they may...