
22 matches found

Github Security Blog
added 2026/06/11 1:28 p.m. (7 views)

python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Impact: AsyncListener.handle_query_or_defer retained every truncated (TC-bit) incoming query in self._deferred[addr] and armed a per-addr timer in self._timers[addr] that flushed the reassembled query within 500 ms (RFC 6762 §18.5). Neither the per-addr list nor the number of distinct addr keys was capped, and...

5.7 AI score | 0.00018 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
AstraLinux
added 2026/05/20 5:53 a.m. (3 views)

Astra Linux - vulnerability in linux, linux-5.10

A flaw was discovered in the Linux SCTP stack. A blind attacker may be able to terminate an existing SCTP connection by using invalid chunks, provided that the attacker knows the IP addresses and port numbers being used, and that the attacker can send packets with spoofed IP addresses...

6.5 CVSS | 6.7 AI score | 0.01215 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/03/20 11:17 p.m. (27 views)

CVE-2026-32666 Automated Logic WebCTRL Premium Server Authentication Bypass by Spoofing

WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...

7.5 CVSS | 0.00328 EPSS
Exploits: 0 | References: 3
HackRead
added 2025/12/09 9:45 p.m. (5 views)

The Dark Web Economy Behind Ad Fraud: What Marketers Don’t See

Ad fraud networks use bots, deepfakes and spoofed traffic to drain PPC budgets. This report shows how fake clicks distort performance data...

7 AI score
Exploits: 0
CNNVD
added 2025/02/05 12:0 a.m. (4 views)

RFC 6169 security vulnerability

RFC 6169 is a network protocol open-sourced by RFC. A security vulnerability exists in RFC 6169 that stems from not verifying or validating the origin of network packets. An attacker exploiting this vulnerability could spoof traffic and bypass access control...

6.5 CVSS | 5.9 AI score | 0.0081 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2024/04/27 12:0 a.m. (23 views)

RHEL 7 : Red Hat OpenStack Platform director (RHSA-2018:1627)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1627 advisory. Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service Iaa...

7.5 CVSS | 7.1 AI score | 0.8864 EPSS
Exploits: 3 | References: 22
Tenable Nessus
added 2024/04/27 12:0 a.m. (25 views)

RHEL 7 : Red Hat OpenStack Platform 8 director (RHSA-2018:2857)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2857 advisory. memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web...

7.5 CVSS | 7.1 AI score | 0.8864 EPSS
Exploits: 3 | References: 12
Imperva Blog
added 2023/05/04 1:19 p.m. (53 views)

CVE-2023-29552: Abusing the SLP Protocol to Launch Massive DDoS Amplification Attacks

On April 25, 2023, researchers at Bitsight and Curesec jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP), a legacy Internet protocol. What is SLP protocol? Service Location Protocol (SLP) is a network protocol designed to simplify th...

5 CVSS | 7.4 AI score | 0.65873 EPSS
Exploits: 1
CISA
added 2023/04/25 12:0 p.m. (5 views)

Abuse of the Service Location Protocol May Lead to DoS Attacks

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor. Researchers from Bitsigh...

7.5 CVSS | 7.6 AI score | 0.65873 EPSS
Exploits: 1 | References: 7
Vulnrichment
added 2023/04/25 12:0 a.m. (10 views)

CVE-2023-29552

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor...

7.6 AI score | 0.65873 EPSS
Exploits: 1 | References: 8
SUSE CVE
added 2023/02/15 5:30 a.m. (3 views)

SUSE CVE-2014-2146

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these...

6.5 CVSS | 7.1 AI score | 0.01255 EPSS
Exploits: 0 | References: 3
CNNVD
added 2022/05/12 12:0 a.m. (3 views)

Stormshield Network Security code issue vulnerability

Stormshield Network Security is a next-generation UTM (Unified Threat Management) firewall from Stormshield France. A security vulnerability exists in Stormshield Network Security (SNS) version 4.3.x up to and including 4.3.8, which stems from an event log entry in the ASQ sofbus lacbus plugin that...

7.5 CVSS | 7.3 AI score | 0.00902 EPSS
Exploits: 0 | References: 3
CNNVD
added 2022/02/04 12:0 a.m. (4 views)

Z-Wave security feature issue vulnerability

Z-Wave is a wireless communication protocol used primarily for home automation. It is a mesh network that uses low power consumption radio waves to communicate from device to device to wirelessly control appliances and other devices in the home, such as controlling lighting, security systems,...

8.3 CVSS | 7.7 AI score | 0.00572 EPSS
Exploits: 1 | References: 4
RedHat Linux
added 2018/07/05 12:26 p.m. (3 views)

memcached: UDP server support allows spoofed traffic amplification DoS

It was discovered that the memcached connections using UDP transport protocol can be abused for efficient traffic amplification distributed denial of service (DDoS) attacks. A remote attacker could send a malicious UDP request using a spoofed source IP address of a target system to memcached, causi...

7.5 CVSS | 7.4 AI score | 0.8864 EPSS
Exploits: 3 | References: 4
NVD
added 2016/09/22 5:59 p.m. (19 views)

CVE-2014-2146

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these...

6.5 CVSS | 6.6 AI score | 0.01255 EPSS
Exploits: 0 | References: 2
Prion
added 2016/09/22 5:59 p.m. (22 views)

Cross site scripting

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these...

4.3 CVSS | 7.4 AI score | 0.01255 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
ThreatPost
added 2016/03/30 3:44 p.m. (8 views)

Root Servers Were Not Targets of 2015 DDoS Attack

When the Internet’s root name servers are in the line of fire of a DDoS attack, people start to sweat, and with good reason since they are the authoritative servers used to resolve IP addresses. The most recent attacks against the root servers happened over a two-day period starting last Nov. 30,...

1 AI score
Exploits: 0 | References: 6
OSV
added 2014/08/14 5:1 a.m. (1 views)

DEBIAN-CVE-2014-4343

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network...

7.6 CVSS | 8.5 AI score | 0.06419 EPSS
Exploits: 0 | References: 1
seebug.org
added 2014/07/01 12:0 a.m. (27 views)

Symantec Norton Personal Firewall 2002/ Kaspersky Labs Anti-Hacker 1.0/BlackIce Server Protection 3.5/BlackICE Defender 2.9 - Auto Block DoS Weakness

No description provided by source. source: http://www.securityfocus.com/bid/5917/info A weakness has been reported in some PC Firewall packages that could allow remote denial of service attacks. The problem is in the handling of spoofed traffic. Under some circumstances, it is possible for remote...

7.1 AI score
Exploits: 0
securityvulns
added 2009/06/16 12:0 a.m. (25 views)

Link Logger syslogd resource overwhelm DoS

Remote: yes Credit: Mike Cyr, aka h00die Vulnerable: 2.4.10.15 ddwrt version but more than likely all versions Discussion: Link Logger is a program for logging, analysis and reporting of router traffic so you can easily spot attacks and abuses on your network. By sending a ton of spoofed traffic,...

0.3 AI score
Exploits: 0