102 matches found
CVE-2023-36669
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit IDU before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit TPU within the IDU by sending crafte...
The Global DDoS Threat Landscape – November 2022
Every month in this space, we will post the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks continue to pose a significant risk to businesses, it is critical that we regularly communicate our Threat Research team’s findings to help the cybersecurit...
The Global DDoS Threat Landscape – October 2022
Every month in this space, we will post the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks continue to pose a significant risk to businesses it is critical that we regularly communicate our Threat Research team’s findings to help the cybersecurity...
Mirai Botnet Hits Wynncraft Minecraft Server with 2.5 Tbps DDoS Attack
Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service DDoS attack launched by a Mirai botnet. Characterizing it as a "multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack...
CVE-2022-20728
A vulnerability in the client forwarding code of multiple Cisco Access Points APs could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards...
Design/Logic Flaw
A vulnerability in the client forwarding code of multiple Cisco Access Points APs could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards...
CVE-2022-20728 Cisco Access Points VLAN Bypass from Native VLAN Vulnerability
A vulnerability in the client forwarding code of multiple Cisco Access Points APs could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards...
CVE-2022-20728 Cisco Access Points VLAN Bypass from Native VLAN Vulnerability
A vulnerability in the client forwarding code of multiple Cisco Access Points APs could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards...
CVE-2022-20728
CVE-2022-20728 describes a VLAN-bypass flaw in the client forwarding code of multiple Cisco Access Points. An unauthenticated, adjacent attacker can inject packets from the native VLAN to nonnative VLAN clients due to a logic error that forwards packets destined to a wireless client when received...
The Global DDoS Threat Landscape – September 2022
Every month in this space, we will post the State of the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks become more frequent, varied, and sophisticated, it is critical that we regularly communicate the Imperva Threat Research team’s findings and...
Q1 2022 Global DDoS Threat Landscape Report Findings Summary
Last week, Imperva released the Q1 2022 Global DDoS Threat Landscape Report. To produce the report’s findings, Imperva performs detailed statistical analysis of all DDoS activity that our Threat Research Labs monitored from our global network of PoPs during the first three months of 2022. In...
Cilium - eBPF-based Networking, Security, And Observability
Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to...
Imperva recognized as a ‘Leader’ in The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021 Report
We are delighted to share that Imperva has been named a leader in The Forrester Wave: DDoS Mitigation Solutions, Q1 2021 report, a trusted source for technology buyers which helps security and risk professionals select the right vendor for their needs. You can download a copy of the report here...
Design/Logic Flaw
A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper resource...
CVE-2020-26070 Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Slow Path Forwarding Denial of Service Vulnerability
A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper resource...
CVE-2020-27617
ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...
CVE-2020-27617
ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...
CVE-2020-27617
ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...
CVE-2020-27617
ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...
CVE-2020-27617
ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...