3366 matches found

CVE
added 2024/02/09 10:51 p.m. · 229 views

CVE-2024-23322

Envoy proxy vulnerability set (CVE-2024-23322 and related CVEs 23323–23327). The primary issue (CVE-2024-23322) triggers a crash when hedge_on_per_try_timeout, per_try_idle_timeout, and per-try-timeout are enabled and their timings overlap within the idle backoff interval. The advisories state th...

CVSS 7.5 · AI score 7.3 · EPSS 0.00679
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/02/09 10:51 p.m. · 15 views

CVE-2024-23322 Envoy crashes when idle and request per try timeout occur within the backoff interval

Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout...

CVSS 7.5 · AI score 7.1 · EPSS 0.00679
Exploits: 0 · References: 2
Cvelist
added 2024/02/09 10:51 p.m. · 19 views

CVE-2024-23322 Envoy crashes when idle and request per try timeout occur within the backoff interval

Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout...

CVSS 7.5 · AI score 7.8 · EPSS 0.00679
Exploits: 0 · References: 2
Positive Technologies
added 2024/02/09 12:0 a.m. · 1 views

PT-2024-2768 · Envoy +1 · Envoy +1

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.29.1; Envoy versions prior to 1.28.1; Envoy versions prior to 1.27.3; Envoy versions prior to 1.26.7. Description: The issue is related to a use-after-free error in the Envoy proxy server. Exploitation of this issue may...

CVSS 7.8 · AI score 7.5 · EPSS 0.00679
Exploits: 0 · References: 14
Citrix
added 2024/01/31 12:0 a.m. · 6 views

Intermittent error "An existing connection was forcibly closed by the remote host" on Citrix DAAS.

Intermittently session launch fails for Citrix Daas. If the user tries a few times it may be possible to launch an application or desktop. The failure reason is recorded as "Connection Timeout". This error may also be seen. "Failed to connect to the server for your session ''NameofApplication'...

AI score 7.1
Exploits: 0
RedHat Linux
added 2024/01/25 9:43 a.m. · 1 views

kernel: use-after-free in smb2_is_status_io_timeout()

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region,...

CVSS 6.5 · AI score 6.6 · EPSS 0.01094
Exploits: 0 · References: 5
0day.today
added 2024/01/24 12:0 a.m. · 307 views

Saltstack Minion Payload Deployer Exploit

This Metasploit exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected (default all). Currently only works against *nix targets. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score 7.4
Exploits: 0
Metasploit
added 2024/01/23 7:49 p.m. · 169 views

Saltstack Minion Payload Deployer

This exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected (default all). Currently only works against *nix targets. Module Options msf use exploit/linux/local/saltstacksaltminiondeployer msf exploitsaltstacksaltminiondeployer show targets...

AI score 7.1
Exploits: 0
NVD
added 2024/01/22 7:15 p.m. · 14 views

CVE-2024-0605

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affec...

CVSS 7.5 · AI score 7.5 · EPSS 0.00387
Exploits: 0 · References: 2
Positive Technologies
added 2024/01/05 12:0 a.m. · 5 views

PT-2024-2000 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The vulnerability is related to the hisi_acc_vfio_pci module in the Linux kernel. When the optional PRE_COPY support was added to speed up the device compatibility check, it failed to...

CVSS 7.8 · AI score 6.8 · EPSS 0.78388
Exploits: 8 · References: 1493
Tenable Nessus
added 2024/01/02 12:0 a.m. · 22 views

GitLab 8.10 < 14.5.4 / 14.6 < 14.6.4 / 14.7 < 14.7.1 (CVE-2022-0488)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes...

CVSS 4.3 · AI score 5.1 · EPSS 0.00682
Exploits: 0 · References: 3
RedhatCVE
added 2023/12/28 7:30 a.m. · 23 views

CVE-2023-51079

DISPUTED A vulnerability was found in the ParseTools.subCompileExpression method in the Mvel package. This vulnerability manifests as a TimeOut error, and may allow an attacker to leverage the TimeOut error to disrupt the normal functioning of the system or application, potentially leading to...

CVSS 5.3 · AI score 5.2 · EPSS 0.00737
Exploits: 1 · References: 4
Github Security Blog
added 2023/12/27 9:31 p.m. · 19 views

mvel2 TimeOut error exists in the ParseTools.subCompileExpression method

A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final...

CVSS 5.3 · AI score 6.8 · EPSS 0.00737
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2023/12/27 9:31 p.m. · 0 views

GHSA-H63J-XQX6-W58R mvel2 TimeOut error exists in the ParseTools.subCompileExpression method

A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final...

CVSS 5.3 · AI score 6.1 · EPSS 0.00737
Exploits: 1 · References: 4
Positive Technologies
added 2023/12/27 12:0 a.m. · 4 views

PT-2025-32442

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: This issue resolves a timeout error occurring in the Bluetooth btnxpuart driver during power save stress testing. The problem arises when the power save mechanism activates UART break...

CVSS 5.5 · AI score 5.9 · EPSS 0.00119
Exploits: 0
CNNVD
added 2023/12/27 12:0 a.m. · 4 views

MVEL Security Vulnerabilities

MVEL is a hybrid dynamic/static typed, embeddable expression language and Java platform runtime open-sourced by MVEL. A security vulnerability exists in MVEL v2.5.0 Final that stems from a timeout error in the ParseTools.subCompileExpression method...

CVSS 5.3 · AI score 6.9 · EPSS 0.00737
Exploits: 1 · References: 4
CVE
added 2023/12/27 12:0 a.m. · 101 views

CVE-2023-51079

CVE-2023-51079 is a DoS vulnerability in MVEL’s ParseTools.subCompileExpression() causing timeout under crafted requests. IBM’s bulletin ties this to IBM Business Automation Manager Open Editions (BAMOE) 9.0.0–9.1.1, recommending BAMOE 9.2.0 as the fix. Red Hat advisory for Apache Camel build als...

CVSS 5.3 · AI score 5.1 · EPSS 0.00737
Exploits: 1 · References: 2 · Affected Software: 1
Veracode
added 2023/12/26 1:52 p.m. · 23 views

Denial Of Service

gitlab:sid is vulnerable to Denial of Service. The vulnerability is caused by adding a large string in the timeout input in the gitlab-ci.yml file. It allows an attacker to affect all versions in GitLab CE/EE and leads to regular expression denial of service...

CVSS 6.5 · AI score 6.7 · EPSS 0.00595
Exploits: 0 · References: 3 · Affected Software: 1
Citrix
added 2023/12/26 12:0 a.m. · 6 views

After upgrade to 14.1 ADC GUI response is slow resulting in operation timeout with tacacs auth

After upgrading Citrix ADC to version 14.1-8.50 from version 13.1, users are facing management GUI access issue with Tacacs authentication. Almost all pages are opening very slowly and are giving error Operation timeout. Disabling RbaOnResponse resolves the issue as a workaround...

AI score 7
Exploits: 0
NVD
added 2023/12/25 6:15 a.m. · 9 views

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

CVSS 8.8 · EPSS 0.00515
Exploits: 0 · References: 2