67 matches found

Tenable Nessus
added 2025/07/25 12:0 a.m. | 23 views

NewStart CGSL MAIN 7.02 : httpd Multiple Vulnerabilities (NS-SA-2025-0132)

The remote NewStart CGSL host, running version MAIN 7.02, has httpd packages installed that are affected by multiple vulnerabilities: - Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerable to information disclosure, SSRF or local script execution via backend applications...

CVSS 9.8 | AI score 7.4 | EPSS 0.99957
Exploits 9 | References 29

OSV
added 2025/06/18 10:15 a.m. | 5 views

AZL-64043 CVE-2025-38075 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection. NOPIN response timer may expire on a deleted connection and crash with such logs: Did not receive response to NOPIN on CID: 0, failing connection for IT Nexus...

CVSS 5.5 | AI score 6.6 | EPSS 0.00159
Exploits 0 | References 1

OSV
added 2025/06/18 10:15 a.m. | 1 views

DEBIAN-CVE-2025-38075

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection. NOPIN response timer may expire on a deleted connection and crash with such logs: Did not receive response to NOPIN on CID: 0, failing connection for IT Nexus...

CVSS 5.5 | AI score 5.6 | EPSS 0.00159
Exploits 0 | References 1

Positive Technologies
added 2025/04/11 12:0 a.m. | 2 views

PT-2025-20525

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the igc driver in the Linux kernel, where writing to clear the PTM status 'valid' bit while the PTM cycle is triggered results in unreliable PTM operation. This c...

CVSS 5.5 | AI score 6.8 | EPSS 0.00225
Exploits 0

Github Security Blog
added 2025/03/26 5:19 p.m. | 32 views

Directus's S3 assets become unavailable after a burst of malformed transformations

Summary: When making many malformed transformation requests at once, at some point, all assets are being served as 403. Details: When I was investigating this issue, I have found that after a burst of malformed asset transformation requests, the amount of sockets held on Agent on NodeHttpHandler wa...

CVSS 5.3 | AI score 7.1 | EPSS 0.00378
Exploits 1 | References 3 | Affected Software 2

NVD
added 2025/03/20 6:15 p.m. | 10 views

CVE-2025-29923

go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when CLIENT SETINFO times out during connection establishment. This can happen when the client is configured to transmit its identity, there...

CVSS 3.7 | EPSS 0.00694
Exploits 0 | References 3

CVE
added 2025/03/20 6:3 p.m. | 562 views

CVE-2025-29923

CVE-2025-29923 affects the Go Redis client library (go-redis). Prior to versions 9.5.5, 9.6.3, and 9.7.3, the client may return out-of-order responses when a timeout occurs during the CLIENT SETINFO phase at connection establishment, especially if identity transmission is enabled or timeouts are ...

CVSS 3.7 | AI score 6.9 | EPSS 0.00694
Exploits 0 | References 3

NVD
added 2025/03/20 10:15 a.m. | 5 views

CVE-2024-11040

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits 0

Snyk
added 2025/03/19 6:42 p.m. | 3 views

Unexpected Status Code or Return Value

Overview: Affected versions of this package are vulnerable to Unexpected Status Code or Return Value in initConn, which causes out of order responses when CLIENT SETINFO times out while establishing a connection. Workaround: This vulnerability can be avoided by setting DisableIndentity to true when...

CVSS 6.3 | AI score 7 | EPSS 0.00694
Exploits 0 | References 2

Veracode
added 2025/02/03 5:55 a.m. | 3 views

Denial-of-Service (DoS)

github.com/hashicorp/yamux is vulnerable to Denial-of-Service (DoS). The vulnerability is due to improper handling of connection timeouts due to Stream.Read calls hanging indefinitely if a corresponding Stream.Write call times out under network congestion, leading to stalled sessions and requirin...

AI score 7
Exploits 0

Packet Storm
added 2024/09/01 12:0 a.m. | 202 views

SevOne Network Performance Management Application Brute Force Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SevOne Network Performance Management Application Brute Force Login Utility', 'Description' = % This module scans for SevOne Network Performance...

AI score 7.4
Exploits 0

Packet Storm
added 2024/09/01 12:0 a.m. | 164 views

Cambium CnPilot R200/r201 Login Scanner And Config Dump

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium cnPilot r200/r201 Login Scanner and Config Dump', 'Description' = % This module scans for Cambium cnPilot r200/r201 management login...

CVSS 9 | AI score 7.1 | EPSS 0.08133
Exploits 2

Citrix
added 2024/07/23 12:0 a.m. | 9 views

CWA 2405: Application launch fails after upgrading to CWA 2405

After upgrading CWA to 2405, app launch may fail with "Internal error" or "Connection Timeout". The issue is seen more frequently while trying to launch multiple applications at the same time. The ICA file gets downloaded but after some time, a "Connection timeout" error is seen. Sometimes, the first...

AI score 7
Exploits 0

Citrix
added 2024/02/21 12:0 a.m. | 6 views

SecureMail 24.2 for iOS unable to connect to exchange server

When a user on iOS updates their installed version of SecureMail to 24.2, it no longer syncs with the on-prem Exchange server. Error in SecureMail logs as follows: "Secure Mail: The connection to the server timed out. Please try again in a few minutes."...

AI score 6.7
Exploits 0

Citrix
added 2024/01/31 12:0 a.m. | 5 views

Intermittent error "An existing connection was forcibly closed by the remote host" on Citrix DAAS.

Intermittently, session launch fails for Citrix Daas. If the user tries a few times it may be possible to launch an application or desktop. The failure reason is recorded as "Connection Timeout". This error may also be seen: "Failed to connect to the server for your session ''NameofApplication'...

AI score 7.1
Exploits 0

Tenable Nessus
added 2023/11/22 12:0 a.m. | 58 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Apache HTTP Server vulnerabilities (USN-6506-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6506-1 advisory. David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote...

CVSS 7.5 | AI score 7.5 | EPSS 0.70595
Exploits 1 | References 4

Tenable Nessus
added 2023/11/15 12:0 a.m. | 47 views

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-433)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-433 advisory. Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 A flaw was found in httpd. This flaw allows an attacker...

CVSS 7.5 | AI score 6.9 | EPSS 0.70595
Exploits 1 | References 8

OSV
added 2023/10/23 7:15 a.m. | 1 views

ALPINE-CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS 7.5 | AI score 6.8 | EPSS 0.70595
Exploits 0 | References 1

OSV
added 2023/10/23 7:15 a.m. | 0 views

UBUNTU-CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS 7.5 | AI score 7 | EPSS 0.70595
Exploits 0 | References 5

Vulnrichment
added 2023/10/23 6:50 a.m. | 21 views

CVE-2023-43622 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

AI score 6.6 | EPSS 0.70595
Exploits 0 | References 2