3341 matches found

CNNVD
added 2021/04/15 12:0 a.m. | 4 views

Envoy Input Validation Error Vulnerability

Envoy is an open source distributed proxy server. Versions prior to Envoy 1.71.1 are vulnerable to integer overflow, which can be exploited by an attacker with an excessive grpc-timeout value to cause an unexpected timeout calculation...

7.5 CVSS | 5.6 AI score | 0.00095 EPSS
Exploits 1 | References 7
RedhatCVE
added 2021/03/25 3:23 p.m. | 34 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15, a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users' sessions, preventing a user session...

4 CVSS | 3.4 AI score | 0.00049 EPSS
Exploits 0 | References 4
Elastic
added 2021/03/23 5:40 p.m. | 4 views

Elastic Stack 7.12.0 and 6.8.15 Security Update

Elasticsearch Suggester & Profile API information disclosure flaw (ESA-2021-06): A document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document leve...

5.3 CVSS | 6.9 AI score | 0.00387 EPSS
Exploits 0
CNVD
added 2021/03/03 12:0 a.m. | 6 views

Stormshield Network Security Denial of Service Vulnerability

Stormshield Network Security is a next-generation UTM (Unified Threat Management) firewall from Stormshield France. Stormshield Network Security suffers from a denial of service vulnerability, which can be exploited by an attacker who can trigger a fatal error via an IPv6 NDP timeout in Stormshield...

5.3 CVSS | 6.7 AI score | 0.00377 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2021/03/01 12:0 a.m. | 31 views

openSUSE Security Update : nghttp2 (openSUSE-2021-341)

This update for nghttp2 fixes the following issues: nghttp2 was updated to version 1.40.0 bsc1166481 - lib: Add nghttp2_check_authority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of stati...

9.8 CVSS | 7.3 AI score | 0.00045 EPSS
Exploits 1 | References 3
OSV
added 2021/02/25 5:6 p.m. | 5 views

OPENSUSE-SU-2021:0341-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: nghttp2 was updated to version 1.40.0 bsc1166481 - lib: Add nghttp2_check_authority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of static...

9.8 CVSS | 9.5 AI score | 0.00045 EPSS
Exploits 1 | References 4
Kitploit
added 2021/02/20 8:30 p.m. | 155 views

SSB - A Faster And Simpler Way To Bruteforce SSH Server

Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server. Installation from Binary Download a pre-built binary from releases page, unpack and run! Or: ▶ sudo curl -sSfL 'https://git.io/kitabisa-ssb' | sh -s -- -b /usr/local/bin from Source Need go1.14+ compiler installed and...

7.5 AI score
Exploits 0 | References 2
OSV
added 2021/02/06 1:15 a.m. | 2 views

CVE-2021-22300

There is an information leak vulnerability in eCNS280TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods...

4.1 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits 0 | References 1
Cvelist
added 2021/02/06 12:38 a.m. | 13 views

CVE-2021-22300

There is an information leak vulnerability in eCNS280TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods...

4.6 AI score | 0.00013 EPSS
Exploits 0 | References 1
OSV
added 2021/02/04 7:15 a.m. | 1 views

CVE-2020-14247

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

6.5 CVSS | 6.6 AI score | 0.00186 EPSS
Exploits 0 | References 1
NVD
added 2021/02/04 7:15 a.m. | 9 views

CVE-2020-14247

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

6.5 CVSS | 0.00186 EPSS
Exploits 0 | References 1
Prion
added 2021/02/04 7:15 a.m. | 8 views

Design/Logic Flaw

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

6.4 CVSS | 6.4 AI score | 0.00186 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2021/02/04 6:43 a.m. | 11 views

CVE-2020-14247

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

6.5 AI score | 0.00186 EPSS
Exploits 0 | References 1
CVE
added 2021/02/04 6:43 a.m. | 72 views

CVE-2020-14247

Summary: CVE-2020-14247 affects HCL OneTest Performance versions 9.5, 10.0 and 10.1. The vulnerability arises from an inadequate session timeout, which could allow an attacker to guess and reuse a valid session ID. What’s affected: HCL OneTest Performance (V9.5, V10.0, V10.1). Root cause: Inadequ...

6.5 CVSS | 6.4 AI score | 0.00186 EPSS
Exploits 0 | References 1 | Affected Software 1
AlpineLinux
added 2021/02/01 7:30 p.m. | 31 views

CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

5.3 CVSS | 6.1 AI score | 0.00207 EPSS
Exploits 1
Kitploit
added 2021/02/01 11:30 a.m. | 204 views

Web-Brutator - Modular Web Interfaces Bruteforcer

Fast Modular Web Interfaces Bruteforcer. Install: python3 -m pip install -r requirements.txt Usage: $ python3 web-brutator.py -h (ASCII-art banner) Version 0.2...

7.8 AI score
Exploits 0 | References 1
Citrix
added 2021/02/01 12:0 a.m. | 6 views

How to Change High Availability Timeout Settings

This article describes how to increase the High Availability (HA) timeout for pools in danger of fencing because of existing timeout values. Requirements: a licensed XenServer pool with three or more hosts; a dedicated HA storage repository. Background: By default, the timeout settings for HA are...

7.3 AI score
Exploits 0
Huawei
added 2021/01/27 12:0 a.m. | 31 views

Security Advisory - Information Leak Vulnerability in Huawei Products

There is an information leak vulnerability. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. Vulnerability ID: HWPSIRT-2020-01428 This vulnerability has...

4.1 CVSS | 4.2 AI score | 0.00013 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2021/01/20 11:47 a.m. | 14 views

Security Bulletin: A Session Timeout vulnerability affects IBM Rational Performance Tester

Summary: IBM Rational Performance Tester contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID. Vulnerability Details: Third Party Entry: PSIRT-ADV0027326 DESCRIPTION: Created from Advisory: ADV0027326 CVSS Base score: 4.3 CVSS Vector:...

0.8 AI score
Exploits 0 | Affected Software 1
OpenVAS
added 2021/01/20 12:0 a.m. | 20 views

Fedora: Security Advisory for sudo (FEDORA-2021-324479472c)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS | 5.8 AI score | 0.00208 EPSS
Exploits 2 | References 2