Lucene search
+L

9 matches found

vulnrichment
vulnrichment
added 2026/02/09 8:34 p.m.2 views

CVE-2026-25791 Sliver has a DNS C2 OTP Bypass Allows Unauthenticated Session Flooding and Denial of Service

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored...

7.5CVSS5.7AI score0.00407EPSS
Exploits1References2
github
github
added 2026/02/06 10:52 p.m.12 views

Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service

Summary The DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored without a cleanup/expiry path in this flow, an unauthenticated remote actor can repeatedly...

7.5CVSS5.5AI score0.00407EPSS
Exploits1References5Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2552

Malware in sbrugna...

6.5CVSS6.5AI score0.0088EPSS
Exploits0References4
redhatcve
redhatcve
added 2022/02/21 1:46 p.m.12 views

CVE-2020-35210

A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service DoS via a Raft session flooding attack using Raft OpenSessionRequest messages...

6.5CVSS5.7AI score0.0088EPSS
Exploits0References3
osv
osv
added 2021/12/17 8:41 p.m.8 views

GHSA-MF27-WG66-M8F5 A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.

A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service DoS via a Raft session flooding attack using Raft OpenSessionRequest messages...

6.5CVSS5.9AI score0.0088EPSS
Exploits0References3
nvd
nvd
added 2021/12/16 8:15 p.m.9 views

CVE-2020-35210

A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service DoS via a Raft session flooding attack using Raft OpenSessionRequest messages...

6.5CVSS0.0088EPSS
Exploits0References1
prion
prion
added 2021/12/16 8:15 p.m.14 views

Session fixation

A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service DoS via a Raft session flooding attack using Raft OpenSessionRequest messages...

4CVSS6.2AI score0.0088EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2021/12/16 7:8 p.m.12 views

CVE-2020-35210

A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service DoS via a Raft session flooding attack using Raft OpenSessionRequest messages...

6.2AI score0.0088EPSS
Exploits0References1
cve
cve
added 2021/12/16 7:8 p.m.89 views

CVE-2020-35210

CVE-2020-35210 affects Atomix v3.1.5 and enables denial-of-service via a Raft session flooding attack using Raft OpenSessionRequest messages. Multiple connected sources (Red Hat CVE entry, CNVD/CNNVD, Veracode, GHSA) corroborate a DoS impact stemming from a resource-management flaw in Atomix 3.1....

6.5CVSS6.2AI score0.0088EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder