10 matches found
CVE-2023-32251 Kernel: ksmbd brute force delay bypass via asynchronous requests
A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...
In parties with more than one host, a single host can bypass the execution delay of a proposal by transferring his host status to other addresses of his.
Lines of code Vulnerability details The Vulnerability After a proposal has gathered enough votes to pass, it waits through a period defined in the governance values named executionDelay. That executionDelay period is bypassed and the proposal can be executed immediately if ALL hosts of the party...
SUSE CVE-2023-32251
A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...
CVE-2019-11697
If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on th...
UBUNTU-CVE-2019-11697
If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on th...
Debian Security Advisory DSA 2289-1 (typo3-src)
The remote host is missing an update to typo3-src announced via advisory DSA 2289-1. OpenVAS Vulnerability Test $Id: deb22891.nasl 8970 2018-02-27 15:16:18Z cfischer $ Description: Auto-generated from advisory DSA 2289-1 typo3-src Authors: Thomas Reinke Copyright: Copyright (c) 2011 E-Soft Inc...
Debian: Security Advisory (DSA-2289-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2289-1 : typo3-src - several vulnerabilities
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site scripting, information disclosure, authentication delay bypass, and arbitrary file deletion. More details can be found in the Typo3 security advisory: TYPO3-CORE-SA-2011-001. %NASLMINLEVE...
Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting (XSS), Information Disclosure, Authentication Delay Bypass, Unserialize vulnerability, Missing Access Control. Component Type: TYPO3 Core Affected Versions: 4.3.11 and below, 4.4.8 and below, 4.5.3 and below Vulnerability...
[Full-disclosure] Assorted browser vulnerabilities
Hello, Will keep it brief. A couple of browser bugs, fresh from the oven, hand crafted with love: 1 Title : MSIE page update race condition CRITICAL Impact : cookie stealing / setting, page hijacking, memory corruption Demo : http://lcamtuf.coredump.cx/ierace/ ...aka the bait & switch...