
3360 matches found

OSV
added 2015/09/30 12:0 a.m. | 2 views

UBUNTU-CVE-2015-5262

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...

4.3 CVSS | 6.6 AI score | 0.19312 EPSS
Exploits 0 | References 4

Citrix
added 2015/09/21 12:0 a.m. | 5 views

Error: "Connection Timed Out (0x4c126035)" When Connecting to vDisk on Citrix Provisioning Services

Error 1: "Connection timed out 0x4c126035 with tftp://0.0.0.0/ARDBP32.bin" Error 2: "Could not boot from file name “ARDP32.bin”"...

7.1 AI score
Exploits 0

Tenable Nessus
added 2015/09/18 12:0 a.m. | 36 views

RHEL 6 : rhev-hypervisor (RHSA-2015:1713)

Updated rhev-hypervisor packages that fix multiple security issues, several bugs, and add various enhancements are now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

7.5 CVSS | 7.5 AI score | 0.18501 EPSS
Exploits 0 | References 9

n0where
added 2015/09/15 3:39 a.m. | 53 views

WPS attack tool: Penetrator-WPS

This is an experimental tool that is capable of attacking multiple WPS-enabled wireless access points in real time. Penetrator-WPS utilizes the pixie-dust attack every time it receives an M3 message, unless it is disabled with -P; pixie-dust requires pixiewps to be installed. Installation: First, you ne...

0.3 AI score
Exploits 0 | References 1

Tenable Nessus
added 2015/09/15 12:0 a.m. | 74 views

Fedora 21 : php-5.6.13-1.fc21 (2015-14976)

03 Sep 2015, PHP 5.6.13 Core: Fixed bug 69900 Too long timeout on pipes. Anatol Fixed bug 69487 SAPI may truncate POST data. cmb Fixed bug 70198 Checking liveness does not work as expected. Shafreeck Sea, Anatol Belski Fixed bug 70172 Use After Free Vulnerability in unserialize. Stas Fixed bug...

9.8 CVSS | 8 AI score | 0.46801 EPSS
Exploits 7 | References 18

NVD
added 2015/09/08 3:59 p.m. | 19 views

CVE-2015-1841

The Web Admin interface in Red Hat Enterprise Virtualization Manager RHEV-M allows local users to bypass the timeout function by selecting a VM in the VM grid view...

3.7 CVSS | 6.2 AI score | 0.00325 EPSS
Exploits 0 | References 2

Prion
added 2015/09/08 3:59 p.m. | 17 views

Authorization

The Web Admin interface in Red Hat Enterprise Virtualization Manager RHEV-M allows local users to bypass the timeout function by selecting a VM in the VM grid view...

3.7 CVSS | 6.7 AI score | 0.00325 EPSS
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2015/09/06 12:0 a.m. | 3 views

Red Hat Enterprise Virtualization Hypervisor Local Unauthorized Access Vulnerability

Red Hat Enterprise Virtualization Hypervisor is a virtualization solution hypervisor. The Red Hat Enterprise Virtualization Hypervisor WEB management interface fails to properly handle session timeouts when a VM is selected in the VM Grid view, and local users have access to other WEB interfaces...

3.7 CVSS | 6.6 AI score | 0.00325 EPSS
Exploits 0 | References 1

RedHat Linux
added 2015/09/03 5:8 p.m. | 3 views

RHEV-M: webadmin automatic logout fails if VM is selected

It was found that the idle timeout in the Red Hat Enterprise Virtualization Manager Web Admin interface failed to log out a session if a VM has been selected in the VM grid view. This could allow a local attacker to access the web interface if it was left unattended...

3.7 CVSS | 5.7 AI score | 0.00325 EPSS
Exploits 0 | References 4

Oracle linux
added 2015/07/28 12:0 a.m. | 60 views

curl security, bug fix, and enhancement update

7.19.7-46 - require credentials to match for NTLM re-use CVE-2015-3143 - close Negotiate connections when done CVE-2015-3148 7.19.7-45 - reject CRLFs in URLs passed to proxy CVE-2014-8150 7.19.7-44 - use only full matches for hosts used as IP address in cookies CVE-2014-3613 - fix handling of...

5 CVSS | 0.2 AI score | 0.17942 EPSS
Exploits 0

OSV
added 2015/07/09 8:9 a.m. | 10 views

MGASA-2015-0271 Updated openssh package fixes security vulnerability

In Portable OpenSSH before 6.9p1, when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh CVE-2015-5352...

4.3 CVSS | 4.2 AI score | 0.05445 EPSS
Exploits 0 | References 3

ArchLinux
added 2015/07/04 12:0 a.m. | 70 views

openssh: XSECURITY restrictions bypass

When forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh coupled with "fail open" behaviour in the X11 server when clients attempted...

4.3 CVSS | 0.7 AI score | 0.05445 EPSS
Exploits 0 | References 2

RedHat Linux
added 2015/06/29 4:43 p.m. | 3 views

postgresql: double-free after authentication timeout

A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered...

4.3 CVSS | 7.3 AI score | 0.08565 EPSS
Exploits 0 | References 4

RedHat Linux
added 2015/06/29 4:9 p.m. | 2 views

postgresql: double-free after authentication timeout

A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered...

4.3 CVSS | 7.3 AI score | 0.08565 EPSS
Exploits 0 | References 4

RedHat Linux
added 2015/06/29 4:9 p.m. | 1 views

postgresql: double-free after authentication timeout

A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered...

4.3 CVSS | 7.3 AI score | 0.08565 EPSS
Exploits 0 | References 4

OpenVAS
added 2015/06/09 12:0 a.m. | 60 views

CentOS Update for kernel CESA-2015:1042 centos5

Check the version of kernel SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882189";...

7.2 CVSS | 6.9 AI score | 0.01478 EPSS
Exploits 3 | References 2

OpenVAS
added 2015/06/08 12:0 a.m. | 27 views

PostgreSQL Multiple Vulnerabilities (May 2015) - Windows

PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

9.8 CVSS | 9.6 AI score | 0.08565 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2015/06/04 12:0 a.m. | 49 views

CentOS 5 : kernel (CESA-2015:1042)

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

7.2 CVSS | 7 AI score | 0.01478 EPSS
Exploits 3 | References 2

Cent OS
added 2015/06/03 1:55 a.m. | 87 views

kernel security update

CentOS Errata and Security Advisory CESA-2015:1042 Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS...

7.2 CVSS | 6.8 AI score | 0.01478 EPSS
Exploits 3 | References 7

Prion
added 2015/05/28 2:59 p.m. | 23 views

Double free

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire during the session...

4.3 CVSS | 7.1 AI score | 0.08565 EPSS
Exploits 0 | References 16 | Affected Software 4