Security
Headlines
HeadlinesLatestCVEs

Tag

#ddos

New Kiteworks Report Reveals Significant Risk Maturity Gap

Over half of organizations admit their security and compliance controls for managing sensitive content communications—both internally and externally—are inadequate.

DARKReading
#web#ddos#dos
CVE-2022-1253: Heap-based Buffer Overflow in libde265

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.

CVE-2022-1253: Heap-based Buffer Overflow in libde265

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.

CVE-2021-45040: CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.

CVE-2021-42712: Remote Access Security | Splashtop

Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.

CVE-2021-46102: New Integer Overflow Bug Discovered in Solana rBPF - BlockSecTeam - Medium

From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.st_value is read directly from ELF file without checking. If the sym.st_value is rather large, an integer overflow is triggered while calculating the variable "addr" via "addr = (sym.st_value + refd_pa) as u64";

RHSA-2021:5134: Red Hat Security Advisory: Red Hat Fuse 7.10.0 release and security update

A minor version update (from 7.9 to 7.10) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2019-10744: nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties * CVE-2019-12415: poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem * CVE-2020-2875: mysql-...

CVE-2002-20001: GitHub - Balasys/dheater: D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key ex

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.

CVE-2002-20001: GitHub - Balasys/dheater: D(HE)ater is a security tool can perform DoS attack by enforcing the DHE key exchange.

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.

Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access

The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.