Denial Of Service (DoS)
tomcat-coyote/tomcat-embed-core is vulnerable to denial of service. The vulnerability exists due to an incomplete fix of CVE-2019-0199, which is due to the lack of a timeout for idle streams and keeping the idle streams open without any read/write and request/response data...
tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not...
Pydio Core <= 8.2.2 Information Disclosure Vulnerability - Active Check
Pydio Core is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:pydio:pydio";...
CVE-2019-10046
An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information...
Information disclosure
An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information...
CVE-2019-10046
CVE-2019-10046 affects Pydio 8.2.2 and is an information-disclosure vulnerability where an unauthenticated attacker can obtain details about the application configuration (e.g., session timeout, libraries, license information). Public sources (NVD, Red Hat advisory, OpenVAS entry) describe it ...
Password Cracker: Databases
This module uses John the Ripper or Hashcat to identify weak passwords that have been acquired from the mssql_hashdump, mysql_hashdump, postgres_hashdump, or oracle_hashdump modules. Passwords that have been successfully cracked are then saved as proper credentials. Due to the complexity of some of t...
CVE-2019-5626 BlueCats Reveal Android App Insecure Storage
The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats networ...
MiniUPnP MiniUPnPd code issue vulnerability (CNVD-2019-14713)
MiniSSDPd is a daemon for managing SSDP on POSIX systems. A code issue vulnerability exists in GetOutboundPinholeTimeout in the upnpsoap.c file, for remport, in MiniUPnP MiniUPnPd 2.1 and earlier versions. The vulnerability stems from an improperly designed or implemented code...
Denial Of Service (DoS)
Apache HTTPD is vulnerable to denial-of-service (DoS) attacks. A remote user could send specially crafted and continuous SETTINGS data for an ongoing HTTP/2 connection to cause the target service to fail to time out...
DEBIAN-CVE-2019-12109
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for remport...
UBUNTU-CVE-2019-12108
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for intport...
DEBIAN-CVE-2019-12108
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for intport...
UBUNTU-CVE-2019-12109
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for remport...
dotnet: timeouts for regular expressions are not enforced
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981...
MiniUPnP MiniUPnPd code issue vulnerability (CNVD-2019-14712)
MiniSSDPd is a daemon for managing SSDP on POSIX systems. A code issue vulnerability exists in GetOutboundPinholeTimeout in the upnpsoap.c file, for intport, in MiniUPnP MiniUPnPd 2.1 and earlier versions. The vulnerability stems from an improperly designed or implemented code...
PT-2019-16881 · Ibm · Ibm Tivoli Storage Productivity Center
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Productivity Center versions 5.2.1 through 5.2.17 Description: The issue allows users to remain idle within the application even after logging out, and by utilizing the application's back button, users can remain logged in...
Denial Of Service (DoS)
HTTPS NIO Connector is vulnerable to Denial Of Service (DoS) attacks. The component Socket Handler's functionality is affected by opening a socket and not sending an SSL handshake which results in a read-timeout vulnerability...
Denial Of Service (DoS)
httpd is vulnerable to denial of service. It was discovered that mod_proxy_ajp, when used in configurations with mod_proxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP (Apache JServ Protocol) CPing request was responded to by...