Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential logout session timeout (CVE-2020-4555)

Summary Login session may not be invalidated in a timely manner on timeout. Vulnerability Details CVEID: CVE-2020-4555 DESCRIPTION: IBM Financial Transaction Manager for High Value Payments for Multi-Platform does not invalidate session after logout which could allow an authenticated user to...

Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential logout session timeout (CVE-2020-4555)

Summary Login session may not be invalidated in a timely manner on timeout. Vulnerability Details CVEID: CVE-2020-4555 DESCRIPTION: IBM Financial Transaction Manager for High Value Payments for Multi-Platform does not invalidate session after logout which could allow an authenticated user to...

Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential logout session timeout (CVE-2020-4555)

Summary Login session may not be invalidated in a timely manner on timeout. Vulnerability Details CVEID: CVE-2020-4555 DESCRIPTION: IBM Financial Transaction Manager for High Value Payments for Multi-Platform does not invalidate session after logout which could allow an authenticated user to...

Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential logout session timeout (CVE-2020-4555)

Summary Login session may not be invalidated in a timely manner on timeout. Vulnerability Details CVEID: CVE-2020-4555 DESCRIPTION: IBM Financial Transaction Manager for High Value Payments for Multi-Platform does not invalidate session after logout which could allow an authenticated user to...

Security Bulletin: Financial Transaction Manager for High Value Payments is affected by a potential logout session timeout (CVE-2020-4555)

Summary Login session may not be invalidated in a timely manner on timeout. Vulnerability Details CVEID: CVE-2020-4555 DESCRIPTION: IBM Financial Transaction Manager for High Value Payments for Multi-Platform does not invalidate session after logout which could allow an authenticated user to...

Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential logout session timeout (CVE-2020-4555)

Summary Login session may not be invalidated in a timely manner on timeout. Vulnerability Details CVEID: CVE-2020-4555 DESCRIPTION: IBM Financial Transaction Manager for High Value Payments for Multi-Platform does not invalidate session after logout which could allow an authenticated user to...

LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection

Exploit Title: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection Google Dork: Unknown Date: 13-12-2020 Exploit Author: Hodorsec Vendor Homepage: https://www.librenms.org Software Link: https://github.com/librenms/librenms Update notice:...

openSUSE Security Update : nsd (openSUSE-2020-2222)

This update for nsd fixes the following issues : nsd was updated to the new upstream release 4.3.4 FEATURES : - Merge PR 141: ZONEMD RR type. BUG FIXES : - Fix that symlink does not interfere with chown of pidfile boo1179191, CVE-2020-28935 - Fix 128: Fix that the invalid port number is logged fo...

Security update for nsd (moderate)

openSUSE Security Update: Security update for nsd Announcement ID: openSUSE-SU-2020:2222-1 Rating: moderate References: 1157331 1179191 Cross-References: CVE-2019-13207 CVE-2020-28935 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP2 openSUSE Backports...

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2020:3159-1)

"This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 - New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector - Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling +...

Gitlab Denial of Service Vulnerability (CNVD-2020-70850)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A denial of service vulnerability exists in all versions ...

timeout_io (>=0.2.0 <=0.2.7) potentially affected by CVE-2020-36438 via tiny_future (=0.3.2)

tinyfuture CARGO version =0.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on tinyfuture and may be impacted: - timeoutio =0.2.0, =0.2.7 Source cves: CVE-2020-36438 Source advisory: OSV:RUSTSEC-2020-0118...

GitLab 安全漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A denial of service vulnerability exists in all versions ...

phpMyAdmin 4.0.x < 4.0.10.18 / 4.4.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.18, 4.4.x prior to 4.4.15.9, or 4.6.x prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in phpMyAdmin. When the user does not...

Exploit for Use After Free in Microsoft

Mass-scanner-for-CVE-2019-0708-RDP-RCE-Exploit This script i...

GaussDB Kernel: Setting the Timeout Period of Client Authentication

authenticationtimeout specifies the maximum time for client authentication. The default value is 1 min. This parameter prevents faulty clients from occupying the connection channel for a long time. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a reference...

openGauss: Setting the Timeout Period of Client Authentication

authenticationtimeout specifies the maximum time for client authentication. The default value is 1 min. This parameter prevents faulty clients from occupying the connection channel for a long time. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenc...

kernel: kernel stack information leak on s390/s390x

A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmmtimeout file. This flaw allows a local user to see the kernel data...

receiving subscription objects with deleted session

Original Message: Hi, I create objects with one client with an ACL of all users with a specific column value. Thats working so far. Then I deleted the session object from one user to look if he can receive subscription objects and he can receive them. The client with the deleted session cant crea...

Open-Xchange: Guard WKS lookup: Evil WKS server forces connections to last forever

Any logged-in user can cause denial of service against the AppSuite server by asking Guard to fetch keys from a badly-behaving WKS server. This WKS server's response never ends, tying up a java process and TLS connection forever. Any logged-in user can cause denial of service against the AppSuite...