Tag

#ddos

Attack the block – How a security researcher cracked 70% of urban WiFi networks in one hit

A new attack takes advantage of weak WiFi passwords

PortSwigger
#ddos #vulnerability
A week in security (Sept 13 – Sept 19)

A roundup of the previous week's blogs and most interesting and relevant security events, hacks, and information. Read more: https://blog.malwarebytes.com/a-week-in-security/2021/09/a-week-in-security-sept-13-2021-sept-19-2021/ (Malwarebytes Labs)

CVE-2020-7731: Snyk Vulnerability Database | Snyk

This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

CVE-2021-22696

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https") and was making a REST request to the URI in that parameter to retrieve a token. This means that CXF was vulnerable to DDoS attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.

CVE-2020-28491: Snyk Vulnerability Database | Snyk

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

CVE-2020-14312

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions of Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

CVE-2020-8293

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.

CVE-2020-25686: DNSPOOQ - JSOF

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

CVE-2020-25685: DNSPOOQ - JSOF

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq determines in forward.c:reply_query() which forwarded query matches the reply by using only a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is), this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

CVE-2020-35896: Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory › RustSec Advisory Database

An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.