Lucene search

3335 matches found

Veeam
added 2016/09/27 12:0 a.m., 10 views

VMware Instant Recovery Times Out

Challenge: Instant VM recovery of a VMware VM fails after at least 30 minutes with the error: Failed to publish VM. Cause: Veeam Backup & Replication implements timeouts for most operations to protect against hangs. However, even when no process is hung, timeouts may occur due to significant...

6.5 AI score
Exploits: 0

OPENSUSE Linux
added 2016/09/15 3:9 a.m., 30 views

Recommended update for chromium (important)

Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-5170: Use after free in Blink - CVE-2016-5171: Use after free in Blink - CVE-2016-5172: Arbitrary Memory Read in v8 - CVE-2016-5173: Extension resource access -...

0.6 AI score, 0.01131 EPSS
Exploits: 0, References: 2

Citrix
added 2016/09/13 12:0 a.m., 6 views

Could not sign CSR Caused by: java.net.SocketTimeoutException: connect timed out

After configuring Client Certificate Authentication for XMS but you do not see a Client Certificate Request on the Issuing Server 2016-06-27T13:01:11.409+0000 | | ERROR | http-nio-10080-exec-1 | EWSession | Exception on certificate issuer com.zenprise.zdm.pki.spi.IssuingServiceException: Could no...

7.2 AI score
Exploits: 0

RedhatCVE
added 2016/08/28 2:18 a.m., 32 views

CVE-2016-6338

It was discovered that the ovirt-engine webadmin session would not properly enforce timeouts. Browser sessions would remain logged in beyond the administratively configured session timeout period...

6.8 CVSS, 1.9 AI score, 0.00063 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2016/08/16 12:0 a.m., 283 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)

This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection...

9.6 CVSS, 6.8 AI score, 0.07521 EPSS
Exploits: 0, References: 25

Tenable Nessus
added 2016/07/29 12:0 a.m., 70 views

Fedora 24 : php-guzzlehttp-guzzle6 (2016-4e7db3d437) (httpoxy)

6.2.1 - 2016-07-18 - Address HTTP_PROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Fixing timeout bug with StreamHandler: https://github.com/guzzle/guzzle/pull/1488 - Only read up to Content-Length in PHP StreamHandler to avoid timeouts when a server does not honor Connection:...

8.1 CVSS, 6.8 AI score, 0.8349 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2016/07/29 12:0 a.m., 35 views

Fedora 23 : php-guzzlehttp-guzzle6 (2016-9c8cf5912c) (httpoxy)

6.2.1 - 2016-07-18 - Address HTTP_PROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Fixing timeout bug with StreamHandler: https://github.com/guzzle/guzzle/pull/1488 - Only read up to Content-Length in PHP StreamHandler to avoid timeouts when a server does not honor Connection:...

8.1 CVSS, 6.8 AI score, 0.8349 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2016/07/07 12:0 a.m., 18 views

Palo Alto Networks PAN-OS 7.0.x < 7.0.5 Multiple Vulnerabilities

The version of Palo Alto Networks PAN-OS running on the remote host is 7.0.x < 7.0.5. It is, therefore, affected by multiple vulnerabilities : - A buffer overflow condition exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a deni...

6.5 AI score
Exploits: 0, References: 1

BDU FSTEC
added 2016/07/06 12:0 a.m., 2 views

The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.

The vulnerability exists in the mod_cgid module of the Apache HTTP Server due to the absence of a timeout mechanism. Exploiting this vulnerability allows malicious actors to cause a service failure by sending requests to the CGI script, thereby ignoring the data from their own stdin descriptor...

5 CVSS, 6.7 AI score, 0.44151 EPSS
Exploits: 1, References: 3, Affected Software: 1

BDU FSTEC
added 2016/07/05 12:0 a.m., 5 views

The vulnerability of the Linux operating system allows a malicious individual to gain access to confidential information from the kernel’s stack memory.

A vulnerability exists in the do_ip_vs_get_ctl function in the Linux kernel’s net/netfilter/ipvs/ip_vs_ctl.c file, due to the lack of initialization for certain structures related to the IP_VS_SO_GET_TIMEOUT command. Exploiting this vulnerability allows local users to access confidential information from t...

1.9 CVSS, 5.4 AI score, 0.00078 EPSS
Exploits: 0, References: 2, Affected Software: 1

RedHat Linux
added 2016/06/27 10:2 a.m., 2 views

kernel: SCTP denial of service during timeout

A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a deni...

6.2 CVSS, 6.7 AI score, 0.00121 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2016/06/23 4:15 p.m., 3 views

kernel: SCTP denial of service during timeout

A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a deni...

6.2 CVSS, 6.7 AI score, 0.00121 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2016/06/23 4:14 p.m., 2 views

kernel: SCTP denial of service during timeout

A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a deni...

6.2 CVSS, 6.7 AI score, 0.00121 EPSS
Exploits: 0, References: 4

Citrix
added 2016/06/22 4:0 a.m., 29 views

CVE-2016-5109 - Authentication bypass vulnerability in Citrix Worx Home for iOS and Citrix MDX Toolkit for iOS

Description of Problem: A vulnerability has been identified that affects iOS applications using the XenMobile MDX Toolkit. An attacker with physical access to the device could bypass in-application Apple Touch ID authentication in some cases where re-authentication is required. This vulnerability...

4.3 CVSS, 1.1 AI score, 0.00058 EPSS
Exploits: 0

Tenable Nessus
added 2016/06/22 12:0 a.m., 44 views

OracleVM 3.2 : kernel-uek (OVMSA-2016-0060)

The remote OracleVM system is missing necessary patches to address critical security updates : - IPoIB: increase send queue size to 4 times Ajaykumar Hotchandani - IB/ipoib: Change send workqueue size for CM mode Ajaykumar Hotchandani Orabug: 22287489 - Avoid 60sec timeout when receiving rtpg sen...

7.8 CVSS, 6.5 AI score, 0.06239 EPSS
Exploits: 0, References: 7

Japan Vulnerability Notes
added 2016/06/14 4:55 a.m., 6 views

ETX-R vulnerable to cross-site request forgery

Overview: ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability (CWE-352). Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8 CVSS, 6.7 AI score, 0.00129 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2016/06/14 12:0 a.m., 58 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3572)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-3572 advisory. 2.6.39-400.280.1 - Fix cpu bootup stall with large cpu count Zhenzhong Duan Orabug: 23481040 - megaraid_sas : Update threshold based reply post host index...

7.8 CVSS, 6.8 AI score, 0.00251 EPSS
Exploits: 0, References: 2

Japan Vulnerability Notes
added 2016/06/14 12:0 a.m., 35 views

JVN#61317238: ETX-R vulnerable to cross-site request forgery

ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, unintended operations may be performed. Solution: Apply a Workaround. The following workarounds may mitigate the...

8.8 CVSS, 8.7 AI score, 0.00129 EPSS
Exploits: 0

0day.today
added 2016/05/25 12:0 a.m., 86 views

Ubiquiti airOS - Arbitrary File Upload (Metasploit)

Exploit for unix platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ubiquiti airOS Arbitrary File Upload', 'Description' = %q This module exploits a pre-auth fi...

7.1 AI score
Exploits: 0

Citrix
added 2016/05/19 12:0 a.m., 6 views

ICA Session Gets Disconnected When the Web Session Times Out

ICA session gets disconnected when the web session times out...

7.2 AI score
Exploits: 0