CVE-2021-28682

CVE-2021-28682 affects Envoy (through 1.71.1) with a remotely exploitable integer overflow triggered by an extremely large grpc-timeout value that leads to incorrect timeout calculations. The vulnerability details are corroborated across connected sources (BIT-ENVOY-2021-28682, OSV entries) and s...

PT-2021-17902 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.71.1 Description: A remotely exploitable integer overflow issue exists due to a very large grpc-timeout value, leading to unexpected timeout calculations. Recommendations: For versions prior to 1.71.1, update to a...

The vulnerability of Firefox’s requestPointerLock() and setTimeout() methods allows a intruder to gain unauthorized access to protected information.

The vulnerabilities of the requestPointerLock and setTimeout methods in Firefox browsers stem from synchronization errors when using shared resources. Exploiting these vulnerabilities can allow an attacker to gain unauthorized access to protected information...

SaltStack Salt Information Gatherer

This module gathers information from SaltStack Salt masters and minions. Data gathered from minions: 1. salt minion config file Data gathered from masters: 1. minion list denied, pre, rejected, accepted 2. minion hostname/ip/os depending on module settings 3. SLS 4. roster, any SSH keys are...

PT-2024-11175 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a double free on completion race in the io uring component of the Linux kernel. Specifically, it involves the io link timeout fn function and the removal of...

Elastic Kibana Timeout Bypass Vulnerability (ESA-2021-07)

Kibana is prone to a timeout bypass vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:kibana"; ifdescription...

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

Design/Logic Flaw

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

CVE-2021-22136

Summary of CVE-2021-22136 : A timeout-bypass vulnerability in Kibana affects versions before 7.12.0 and 6.8.15 where the xpack.security.session.idleTimeout is not respected due to background polling, allowing sessions to outlive intended timeouts. Reported in the NVD/NVD-derived entry for Kibana,...

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

Elastic Stack Kibana 代码问题漏洞

Elastic Stack Kibana is an application from the American company Elastic Stack. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through Elastic Stack. A security vulnerability exists in Kibana prior to versions 7.12.0 and 6.8.15. The...

Cisco Adaptive Security Appliance Software SIP DoS (cisco-sa-asaftd-sipdos-3DGvdjvg)

According to its self-reported version, the SIP inspection process of Cisco Firepower Threat Defense FTD Software is affected by denial of service vulnerability due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from t...

Cisco Firepower Threat Defense Software SIP DoS (cisco-sa-asaftd-sipdos-3DGvdjvg)

According to its self-reported version, the SIP inspection process of Cisco Firepower Threat Defense FTD Software is affected by denial of service vulnerability due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from t...

The vulnerability of Microprogrammed Network Interface Software of Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) relates to session timeout errors, which allow attackers to trigger a device reboot or cause a service failure.

The vulnerability of Microprogrammed Network Interface Software of Cisco Adaptive Security Appliance Software ASA and Cisco Firepower Threat Defense FTD is related to session timeout errors. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot or cause a service...

Elastic Stack Kibana 资源管理错误漏洞

Elastic Stack Kibana is an application from Elastic Stack USA. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate within Elastic Stack. A resource management error vulnerability exists in Kibana that stems from a lack of a timeout or a limit on t...

Denial Of Service (DoS)

servicemesh-proxy is vulnerable to denial of service. An attacker is able to crash the application by sending a malicious packet that specifies a large grpc-timeout, causing envoy to incorrectly calculate the timeouts...

Microsoft RDP Web Client Login Enumeration

Enumerate valid usernames and passwords against a Microsoft RDP Web Client by attempting authentication and performing a timing based check against the provided username. Module Options msf use auxiliary/scanner/http/rdpweblogin msf auxiliaryrdpweblogin show actions ...actions... msf...

CVE-2021-31791

In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command...

envoyproxy/envoy: integer overflow handling large grpc-timeouts

A flaw was found in envoyproxy/envoy. An attacker, able to craft a packet which specifies a large grpc-timeout, can potentially cause envoy to incorrectly calculate the timeouts resulting in a denial of service. The highest threat from this vulnerability is to system availability...