
3360 matches found

RedhatCVE
added 2016/10/13 1:17 p.m. | 39 views

CVE-2016-7042

It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks...

CVSS 6.2 | AI score 0.7 | EPSS 0.00395
Exploits: 0 | References: 1
Citrix
added 2016/09/30 12:0 a.m. | 8 views

HTTP 1.1 Gateway timeout error while accessing internal websites from Secure Web

HTTP 1.1 Gateway timeout error while accessing internal websites from Secure Web when traffic is tunneled through the NetScaler. This issue occurs when the MDX Policy is set for Secure Browse. If the preferred VPN mode on the app is set to FULL VPN TUNNEL, then the issue will not occur...

AI score 7
Exploits: 0
Metasploit
added 2016/09/28 6:55 p.m. | 33 views

MYSQL Directory Write Test

Enumerate writeable directories using the MySQL SELECT INTO DUMPFILE feature, for more information see the URL in the references. Note: For every writable directory found, a file with the specified FILENAME containing the text test will be written to the directory. This module requires Metasploit...

AI score 7
Exploits: 0
Veeam
added 2016/09/27 12:0 a.m. | 11 views

VMware Instant Recovery Times Out

Challenge: Instant VM recovery of a VMware VM fails after at least 30 minutes with the error: Failed to publish VM. Cause: Veeam Backup & Replication implements timeouts for most operations to protect against hangs. However, even when no process is hung, timeouts may occur due to significant...

AI score 6.5
Exploits: 0
OPENSUSE Linux
added 2016/09/15 3:9 a.m. | 31 views

Recommended update for chromium (important)

Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-5170: Use after free in Blink - CVE-2016-5171: Use after free in Blink - CVE-2016-5172: Arbitrary Memory Read in v8 - CVE-2016-5173: Extension resource access -...

AI score 0.6 | EPSS 0.0186
Exploits: 0 | References: 2
Citrix
added 2016/09/13 12:0 a.m. | 6 views

Could not sign CSR Caused by: java.net.SocketTimeoutException: connect timed out

After configuring Client Certificate Authentication for XMS but you do not see a Client Certificate Request on the Issuing Server 2016-06-27T13:01:11.409+0000 | | ERROR | http-nio-10080-exec-1 | EWSession | Exception on certificate issuer com.zenprise.zdm.pki.spi.IssuingServiceException: Could no...

AI score 7.2
Exploits: 0
RedhatCVE
added 2016/08/28 2:18 a.m. | 32 views

CVE-2016-6338

It was discovered that the ovirt-engine webadmin session would not properly enforce timeouts. Browser sessions would remain logged in beyond the administratively configured session timeout period...

CVSS 6.8 | AI score 1.9 | EPSS 0.00519
Exploits: 1 | References: 1
Tenable Nessus
added 2016/08/16 12:0 a.m. | 284 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)

This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection...

CVSS 9.6 | AI score 6.8 | EPSS 0.06715
Exploits: 0 | References: 25
Tenable Nessus
added 2016/07/29 12:0 a.m. | 71 views

Fedora 24 : php-guzzlehttp-guzzle6 (2016-4e7db3d437) (httpoxy)

6.2.1 - 2016-07-18 - Address HTTP_PROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Fixing timeout bug with StreamHandler: https://github.com/guzzle/guzzle/pull/1488 - Only read up to Content-Length in PHP StreamHandler to avoid timeouts when a server does not honor Connection:...

CVSS 8.1 | AI score 6.8 | EPSS 0.50427
Exploits: 0 | References: 2
Tenable Nessus
added 2016/07/29 12:0 a.m. | 37 views

Fedora 23 : php-guzzlehttp-guzzle6 (2016-9c8cf5912c) (httpoxy)

6.2.1 - 2016-07-18 - Address HTTP_PROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Fixing timeout bug with StreamHandler: https://github.com/guzzle/guzzle/pull/1488 - Only read up to Content-Length in PHP StreamHandler to avoid timeouts when a server does not honor Connection:...

CVSS 8.1 | AI score 6.8 | EPSS 0.50427
Exploits: 0 | References: 2
Friends Of PHP
added 2016/07/15 5:44 p.m. | 29 views

HTTP Proxy header vulnerability

Addressing HTTP_PROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/. Please update to this version of Guzzle in order to mitigate the vulnerability when sending Guzzle requests inside of a CGI application. - Fixing timeout bug with StreamHandler - Only read up to Content-Length in...

CVSS 8.1 | AI score 6.3 | EPSS 0.50427
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2016/07/07 12:0 a.m. | 19 views

Palo Alto Networks PAN-OS 7.0.x < 7.0.5 Multiple Vulnerabilities

The version of Palo Alto Networks PAN-OS running on the remote host is 7.0.x < 7.0.5. It is, therefore, affected by multiple vulnerabilities : - A buffer overflow condition exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a deni...

AI score 6.5
Exploits: 0 | References: 1
BDU FSTEC
added 2016/07/06 12:0 a.m. | 4 views

The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.

The vulnerability exists in the mod_cgid module of the Apache HTTP Server due to the absence of a timeout mechanism. Exploiting this vulnerability allows malicious actors to cause a service failure by sending requests to the CGI script, thereby ignoring the data from their own stdin descriptor...

CVSS 5 | AI score 6.7 | EPSS 0.43809
Exploits: 1 | References: 3 | Affected Software: 1
BDU FSTEC
added 2016/07/05 12:0 a.m. | 6 views

The vulnerability of the Linux operating system allows a malicious individual to gain access to confidential information from the kernel’s stack memory.

A vulnerability exists in the do_ip_vs_get_ctl function in the Linux kernel’s net/netfilter/ipvs/ip_vs_ctl.c file, due to the lack of initialization for certain structures related to the IP_VS_SO_GET_TIMEOUT command. Exploiting this vulnerability allows local users to access confidential information from t...

CVSS 1.9 | AI score 5.4 | EPSS 0.00359
Exploits: 0 | References: 2 | Affected Software: 1
RedHat Linux
added 2016/06/27 10:2 a.m. | 4 views

kernel: SCTP denial of service during timeout

A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a deni...

CVSS 6.2 | AI score 6.7 | EPSS 0.00391
Exploits: 0 | References: 4
RedHat Linux
added 2016/06/23 4:15 p.m. | 5 views

kernel: SCTP denial of service during timeout

A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a deni...

CVSS 6.2 | AI score 6.7 | EPSS 0.00391
Exploits: 0 | References: 4
RedHat Linux
added 2016/06/23 4:14 p.m. | 3 views

kernel: SCTP denial of service during timeout

A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a deni...

CVSS 6.2 | AI score 6.7 | EPSS 0.00391
Exploits: 0 | References: 4
Citrix
added 2016/06/22 4:0 a.m. | 30 views

CVE-2016-5109 - Authentication bypass vulnerability in Citrix Worx Home for iOS and Citrix MDX Toolkit for iOS

Description of Problem: A vulnerability has been identified that affects iOS applications using the XenMobile MDX Toolkit. An attacker with physical access to the device could bypass in-application Apple Touch ID authentication in some cases where re-authentication is required. This vulnerability...

CVSS 4.3 | AI score 1.1 | EPSS 0.00335
Exploits: 0
Tenable Nessus
added 2016/06/22 12:0 a.m. | 46 views

OracleVM 3.2 : kernel-uek (OVMSA-2016-0060)

The remote OracleVM system is missing necessary patches to address critical security updates : - IPoIB: increase send queue size to 4 times Ajaykumar Hotchandani - IB/ipoib: Change send workqueue size for CM mode Ajaykumar Hotchandani Orabug: 22287489 - Avoid 60sec timeout when receiving rtpg sen...

CVSS 7.8 | AI score 6.5 | EPSS 0.03693
Exploits: 0 | References: 7
Japan Vulnerability Notes
added 2016/06/14 4:55 a.m. | 6 views

ETX-R vulnerable to cross-site request forgery

Overview: ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability (CWE-352). Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

CVSS 8.8 | AI score 6.7 | EPSS 0.00629
Exploits: 0 | References: 5