Lucene search
3365 matches found

OpenVAS
added 2020/11/11 12:0 a.m. | 8 views

openGauss: Setting the Timeout Period of Client Authentication

authentication_timeout specifies the maximum time for client authentication. The default value is 1 min. This parameter prevents faulty clients from occupying the connection channel for a long time.

AI score: 7.3
Exploits: 0 | References: 1

RedHat Linux
added 2020/11/04 12:53 a.m. | 1 views

kernel: kernel stack information leak on s390/s390x

A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data...

CVSS: 4.4 | AI score: 6.7 | EPSS: 0.00366
Exploits: 0 | References: 5

Github Security Blog
added 2020/10/27 7:15 p.m. | 50 views

receiving subscription objects with deleted session

Original Message: Hi, I create objects with one client with an ACL of all users with a specific column value. That's working so far. Then I deleted the session object from one user to look if he can receive subscription objects and he can receive them. The client with the deleted session can't crea...

CVSS: 4.3 | AI score: 0.9 | EPSS: 0.01151
Exploits: 0 | References: 4 | Affected Software: 1

Hacker One
added 2020/10/23 1:0 a.m. | 26 views

Open-Xchange: Guard WKS lookup: Evil WKS server forces connections to last forever

Any logged-in user can cause denial of service against the AppSuite server by asking Guard to fetch keys from a badly-behaving WKS server. This WKS server's response never ends, tying up a Java process and TLS connection forever.

AI score: 0.1
Exploits: 0

Positive Technologies
added 2020/10/22 12:0 a.m. | 7 views

PT-2020-14328 · Parse · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions 4.3.0. Description: The issue allows clients with expired sessions to still receive subscription objects because Parse Server broadcasts events to all clients without checking if the session token is valid. It is not...

CVSS: 4.3 | AI score: 4.4 | EPSS: 0.01151
Exploits: 0 | References: 9

OSV
added 2020/10/21 7:15 p.m. | 1 views

CVE-2020-3555

A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.0166
Exploits: 0 | References: 1

OSV
added 2020/10/21 7:15 p.m. | 3 views

CVE-2020-3436

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected devic...

CVSS: 8.6 | AI score: 7.3 | EPSS: 0.01895
Exploits: 0 | References: 1

Prion
added 2020/10/21 7:15 p.m. | 15 views

Race condition

A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.0166
Exploits: 0 | References: 1 | Affected Software: 3

Cvelist
added 2020/10/21 6:41 p.m. | 21 views

CVE-2020-3555 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Denial of Service Vulnerability

A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The...

CVSS: 6.8 | AI score: 7.5 | EPSS: 0.0166
Exploits: 0 | References: 1

Vulnrichment
added 2020/10/21 6:36 p.m. | 7 views

CVE-2020-3436 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services File Upload Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected devic...

CVSS: 8.6 | AI score: 7 | EPSS: 0.01895
Exploits: 0 | References: 1

Cisco
added 2020/10/21 4:0 p.m. | 32 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services File Upload Denial of Service Vulnerability

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software "fs" section of this advisory. See the Cisco Adaptive Security Appliance Software...

CVSS: 8.6 | AI score: 8.5 | EPSS: 0.01895
Exploits: 0 | References: 1

Citrix
added 2020/10/19 12:0 a.m. | 8 views

How to Configure ICA Session Timeout Values for Access Gateway Enterprise Edition Sessions

This article describes how to configure different ICA session timeout values for the same ICA-published resource when Access Gateway Enterprise Edition is using secure gateway proxy mode. This involves creating an additional ICA listener on each XenApp server, modifying the terminal server settin...

AI score: 7.1
Exploits: 0

Citrix
added 2020/10/16 12:0 a.m. | 8 views

Radius Challenge Response Timeout Between NetScaler Gateway and Radius Server

When using two-factor challenge/response authentication through RADIUS, the NetScaler Gateway imposes a session timeout for the RADIUS challenge/response dialogue. In case of SMS token code delivery, there might be long delays between the challenge displayed to the user and the actual submission ...

AI score: 7.5
Exploits: 0

Citrix
added 2020/10/15 12:0 a.m. | 7 views

Traffic Management Logout Functionality on NetScaler

This article covers the Traffic Management (TM) logout functionality on NetScaler, which was added in the 10.0 and 9.3.e releases. The TM logout functionality triggers AAA session logout on traffic action hit. NetScaler can be configured with the "Initiate Logout" option in the TM traffic profile. The followi...

AI score: 7
Exploits: 0

VulnCheck KEV
added 2020/10/14 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2018-13023

System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...

CVSS: 9 | AI score: 7.4 | EPSS: 0.23955
Exploits: 1 | References: 1

OSV
added 2020/09/24 6:15 p.m. | 2 views

CVE-2020-3408

A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.01555
Exploits: 0 | References: 1

OSV
added 2020/09/10 5:15 p.m. | 1 views

DEBIAN-CVE-2020-10773

A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data...

CVSS: 4.4 | AI score: 6 | EPSS: 0.00366
Exploits: 0 | References: 1

OSV
added 2020/09/10 5:15 p.m. | 1 views

UBUNTU-CVE-2020-10773

A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data...

CVSS: 4.4 | AI score: 6.6 | EPSS: 0.00366
Exploits: 0 | References: 3

IBM Security Bulletins
added 2020/08/28 4:11 a.m. | 13 views

Security Bulletin: Query Parameter in SSL vulnerability in IBM Operations Analytics - Log Analysis

Summary: When session timeout occurs, Log Analysis UI asks to re-enter the password. Requests sent over SSL contain the query parameter name, value or combination of values like username and password. Vulnerability Details: Third Party Entry: PSIRT-ADV0022529 DESCRIPTION: Created from Advisory:...

AI score: 1.7
Exploits: 0 | Affected Software: 1

CNVD
added 2020/08/19 12:0 a.m. | 3 views

Unspecified Vulnerability in Tridium Niagara and Niagara Enterprise Security

Niagara is a suite of platforms for supporting device and application connectivity. A security vulnerability exists in Tridium Niagara and Niagara Enterprise Security that stems from a timeout during the TLS handshake, where the program is unable to interrupt the connection, which can be exploite...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.0042
Exploits: 0 | References: 1