Search cyberveille.decio.ch

Found 6 bookmarks

Custom sorting

BIND updates fix high-severity DoS bugs in the DNS software suite

The Internet Systems Consortium (ISC) released BIND security updates that fixed remotely exploitable DoS bugs in the DNS software suite.

#securityaffairs #EN #2024 #ISC #security #updates #DoS #CVE-2024-0760 #CVE-2024-1737 #CVE-2024-1975 #CVE-2024-4076

·securityaffairs.com·Jul 26, 2024

BIND updates fix high-severity DoS bugs in the DNS software suite

Critical Cisco bug lets hackers add root users on SEG devices

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness that allows replacing any file on the underlying operating system.

#bleepingcomputer #EN #2024 #Code #InfoSec #Execution #Path #Gateway #Denial #DoS #Remote #Cisco #RCE #CVE-2024-20401 #SEG

·bleepingcomputer.com·Jul 19, 2024

Critical Cisco bug lets hackers add root users on SEG devices

HTTP/2 CONTINUATION Flood: Technical Details

Deep technical analysis of the CONTINUATION Flood: a class of vulnerabilities within numerous HTTP/2 protocol implementations. In many cases, it poses a more severe threat compared to the Rapid Reset: a single machine (and in certain instances, a mere single TCP connection or a handful of frames) has the potential to disrupt server availability, with consequences ranging from server crashes to substantial performance degradation. Remarkably, requests that constitute an attack are not visible in HTTP access logs. **A simplified security advisory and the list of affected projects can be found in: http2-continuation-flood

#nowotarski #EN #2024 #CONTINUATION-flood #HTTP/2 #DoS #technical-details

·nowotarski.info·Apr 5, 2024

HTTP/2 CONTINUATION Flood: Technical Details

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways.

#bleepingcomputer #EN #2024 #Connect-Secure #Denial-of-Service #DoS #Ivanti #Policy-Secure #RCE #Remote-Code-Execution #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Apr 4, 2024

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

Loop DoS: New Denial-of-Service attack targets application-layer protocols

A new Denial-of-Service (DoS) attack targets application-layer protocols that draw on the User Datagram Protocol (UDP) for end-to-end communication. The vulnerability affects both legacy and contemporary protocols. Discovered by Christian Rossow and Yepeng Pan, the attack puts an estimated 300,000 Internet hosts and their networks at risk.

#cispa.de #EN #2024 #DoS #Denial-of-Service #UDP #vulnerability #Application-Layer

·cispa.de·Mar 20, 2024

Loop DoS: New Denial-of-Service attack targets application-layer protocols

178,000 SonicWall firewalls are vulnerable to old DoS bugs

Majority of public-facing devices still unpatched against critical vulns from as far back as 2022

#theregister #EN #2024 #2022 #CVE-2022-22274 #CVE-2023-0656 #SonicWall #DoS

·theregister.com·Jan 22, 2024

178,000 SonicWall firewalls are vulnerable to old DoS bugs