3341 matches found

Positive Technologies
added 2021/05/14 12:00 a.m. · 2 views

PT-2024-11175 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a double free on completion race in the io_uring component of the Linux kernel. Specifically, it involves the io_link_timeout_fn function and the removal of...

7.8 CVSS · 6.5 AI score · 0.00018 EPSS
Exploits 0 · References 12

OpenVAS
added 2021/05/14 12:00 a.m. · 22 views

Elastic Kibana Timeout Bypass Vulnerability (ESA-2021-07)

Kibana is prone to a timeout bypass vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:kibana"; ifdescription...

3.6 CVSS · 5 AI score · 0.00049 EPSS
Exploits 0 · References 1

NVD
added 2021/05/13 6:15 p.m. · 19 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

3.6 CVSS · 0.00049 EPSS
Exploits 0 · References 1

OSV
added 2021/05/13 6:15 p.m. · 16 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

3.5 CVSS · 6.8 AI score
Exploits 0 · References 1

Prion
added 2021/05/13 6:15 p.m. · 19 views

Design/Logic Flaw

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

3.6 CVSS · 3.9 AI score · 0.00049 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2021/05/13 5:35 p.m. · 87 views

CVE-2021-22136

Summary of CVE-2021-22136: A timeout-bypass vulnerability in Kibana affects versions before 7.12.0 and 6.8.15 where the xpack.security.session.idleTimeout is not respected due to background polling, allowing sessions to outlive intended timeouts. Reported in the NVD/NVD-derived entry for Kibana,...

3.6 CVSS · 3.8 AI score · 0.00049 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/05/13 5:35 p.m. · 31 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

4.1 AI score · 0.00049 EPSS
Exploits 0 · References 1

CNNVD
added 2021/05/13 12:00 a.m. · 2 views

Elastic Stack Kibana Code Issue Vulnerability

Elastic Stack Kibana is an application from the American company Elastic Stack. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through Elastic Stack. A security vulnerability exists in Kibana prior to versions 7.12.0 and 6.8.15. The...

3.6 CVSS · 5.1 AI score · 0.00049 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2021/05/07 12:00 a.m. · 36 views

Cisco Adaptive Security Appliance Software SIP DoS (cisco-sa-asaftd-sipdos-3DGvdjvg)

According to its self-reported version, the SIP inspection process of Cisco Firepower Threat Defense (FTD) Software is affected by a denial of service vulnerability due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from t...

7.8 CVSS · 7.5 AI score · 0.00596 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2021/05/07 12:00 a.m. · 34 views

Cisco Firepower Threat Defense Software SIP DoS (cisco-sa-asaftd-sipdos-3DGvdjvg)

According to its self-reported version, the SIP inspection process of Cisco Firepower Threat Defense (FTD) Software is affected by a denial of service vulnerability due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from t...

7.8 CVSS · 7.5 AI score · 0.00596 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2021/05/05 12:00 a.m. · 1 views

The vulnerability of Microprogrammed Network Interface Software of Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) relates to session timeout errors, which allow attackers to trigger a device reboot or cause a service failure.

The vulnerability of Microprogrammed Network Interface Software of Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) is related to session timeout errors. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot or cause a service...

8.6 CVSS · 7.2 AI score · 0.00768 EPSS
Exploits 0 · References 2 · Affected Software 2

CNNVD
added 2021/04/28 12:00 a.m. · 3 views

Elastic Stack Kibana Resource Management Error Vulnerability

Elastic Stack Kibana is an application from Elastic Stack USA. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate within Elastic Stack. A resource management error vulnerability exists in Kibana that stems from a lack of a timeout or a limit on t...

6.5 CVSS · 6.5 AI score · 0.00281 EPSS
Exploits 0 · References 2

Veracode
added 2021/04/24 10:47 p.m. · 26 views

Denial Of Service (DoS)

servicemesh-proxy is vulnerable to denial of service. An attacker is able to crash the application by sending a malicious packet that specifies a large grpc-timeout, causing envoy to incorrectly calculate the timeouts...

7.5 CVSS · 4 AI score · 0.00095 EPSS
Exploits 1 · References 8 · Affected Software 1

Metasploit
added 2021/04/24 5:41 p.m. · 476 views

Microsoft RDP Web Client Login Enumeration

Enumerate valid usernames and passwords against a Microsoft RDP Web Client by attempting authentication and performing a timing based check against the provided username. Module Options msf use auxiliary/scanner/http/rdpweblogin msf auxiliaryrdpweblogin show actions ...actions... msf...

7.2 AI score
Exploits 0

OSV
added 2021/04/23 10:15 p.m. · 1 views

CVE-2021-31791

In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command...

7.5 CVSS · 7.1 AI score · 0.00151 EPSS
Exploits 0 · References 1

RedHat Linux
added 2021/04/22 9:01 a.m. · 1 views

envoyproxy/envoy: integer overflow handling large grpc-timeouts

A flaw was found in envoyproxy/envoy. An attacker, able to craft a packet which specifies a large grpc-timeout, can potentially cause envoy to incorrectly calculate the timeouts resulting in a denial of service. The highest threat from this vulnerability is to system availability...

7.5 CVSS · 5.7 AI score · 0.00095 EPSS
Exploits 1 · References 5

OpenVAS
added 2021/04/21 12:00 a.m. · 7 views

Huawei Data Communication: A proper timeout interval must be configured for the VTY

Configure the SSH/telnet login session of the VTY to not time out. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

7.3 AI score
Exploits 0

Kitploit
added 2021/04/19 12:30 p.m. · 208 views

Cypheroth - Automated, Extensible Toolset That Runs Cypher Queries Against Bloodhound's Neo4j Backend And Saves Output To Spreadsheets

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets. Description This is a bash script that automates running cypher queries against Bloodhound data stored in a Neo4j database. I found myself re-running the same queries throug...

6.9 AI score
Exploits 0 · References 5

Kitploit
added 2021/04/18 12:30 p.m. · 176 views

HttpDoom - A Tool For Response-Based Inspection Of Websites Across A Large Amount Of Hosts For Quickly Gaining An Overview Of HTTP-based Attack Surface

Validate large HTTP-based attack surfaces in a very fast way. Heavily inspired by Aquatone. Why? When I utilize Aquatone to flyover some hosts, I have some performance issues by the screenshot feature, and the lack of extension capabilities - like validating front-end technologies with a...

6.9 AI score
Exploits 0 · References 2

RedhatCVE
added 2021/04/15 9:02 p.m. · 32 views

CVE-2021-28682

A flaw was found in envoyproxy/envoy. An attacker, able to craft a packet which specifies a large grpc-timeout, can potentially cause envoy to incorrectly calculate the timeouts resulting in a denial of service. The highest threat from this vulnerability is to system availability...

7.5 CVSS · 2.8 AI score · 0.00095 EPSS
Exploits 1 · References 4