453 matches found
CVE-2016-6249
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files...
CVE-2017-5544
An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout each of the login attempts will occupy a...
phpMyAdmin 4.4.15.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Information Disclosure
Binary data 9856.prm...
Update Rollup 10 for System Center 2012 R2 Orchestrator - Service Provider Foundation
Update Rollup 10 for System Center 2012 R2 Orchestrator - Service Provider Foundation Introduction This article describes the issues that are fixed in Update Rollup 10 for Microsoft System Center 2012 R2 Orchestrator - Service Provider Foundation. It also contains the installation instructions fo...
So you want to expose Go on the Internet
I was asked to contribute a post to the excellent Gopher Academy advent series. I took the occasion to write down what I learned deploying a Go service on the Cloudflare edge. The result is a catalogue of what you need to know before you drop NGINX from in front of your Go server. The net/http pa...
Extremely Fast Flexible Web Fuzzer: Filebuster
Extremely Fast Flexible Web Fuzzer Filebuster was built based on one of the fastest HTTP classes in the world of PERL – Furl::HTTP. Also the thread modelling is a bit optimized to run as fast as possible. Features It packs a ton of features like: The already mentioned Regex patterns Supports...
openSUSE Security Update : dbus-1 (openSUSE-2016-1206)
This update for dbus-1 to version 1.8.22 fixes several issues. This security issue was fixed : - boo1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. These non-security issues were fixed : - boo978477: Correctly reset timeouts for pending fi...
[SECURITY] Fedora 23 Update: php-guzzlehttp-guzzle-5.3.1-1.fc23
Guzzle is a PHP HTTP client that makes it easy to work with HTTP/1.1 and ta kes the pain out of consuming web services. Pluggable HTTP adapters that can send requests serially or in parallel Doesn't require cURL, but uses cURL by default Streams data for both uploads and downloads Provides event...
[SECURITY] Fedora 24 Update: php-guzzlehttp-guzzle-5.3.1-1.fc24
Guzzle is a PHP HTTP client that makes it easy to work with HTTP/1.1 and ta kes the pain out of consuming web services. Pluggable HTTP adapters that can send requests serially or in parallel Doesn't require cURL, but uses cURL by default Streams data for both uploads and downloads Provides event...
The complete guide to Go net/http timeouts
I got an occasion to do a deep dive into net/http recently, and wrote a post about all the different timeouts you can set on the client and server side. How they work, how they interact and how to use them. The complete guide to Go net/http timeouts | CloudFlare Blog archive...
Getting Started with Citrix Secure Mail
The purpose of this getting started guide is to provide a reference document with key information about Citrix Citrix Secure Mail. Navigation: What is Secure Mail? Citrix Secure Mail Connection Modes List of Supported Mail Servers Citrix Secure Mail w/ IBM Notes Supported File Formats Push...
American Fuzzy Lop Utilities: afl-utils
Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization afl-utils is a collection of utilities to assist fuzzing with american-fuzzy-lop afl . afl-utils includes tools for: automated crash sample collection, verification, reduction and analys...
Scientific Linux Security Update : openhpi on SL7.x x86_64 (20151119)
It was found that the '/var/lib/openhpi' directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory. CVE-2015-3248 The openh...
openhpi security update
CentOS Errata and Security Advisory CESA-2015:2369 Updated openhpi packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerabilit...
Low: Red Hat Security Advisory: openhpi security, bug fix, and enhancement update
Updated openhpi packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
Ubuntu: Security Advisory (USN-2621-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : PostgreSQL vulnerabilities (USN-2621-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2621-1 advisory. Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the...
kernel security and bug fix update
kernel 2.6.18-404.0.0.0.1 - net fix tcptrimhead James Li orabug 14512145, 19219078 - ocfs2: dlm: fix recovery hung Junxiao Bi orabug 13956772 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add getuserpagesfast orabug 14277030 - oprofile export getuserpagesfast function...
kernel security and bug fix update
2.6.32-431.29.2 - kernel futex: Fix errors in nested key ref-counting Denys Vlasenko 1094457 1094458 CVE-2014-0205 - net vxlan: fix NULL pointer dereference Jiri Benc 1114549 1096351 CVE-2014-3535 2.6.32-431.29.1 - mm hugetlb: ensure hugepage access is denied if hugepages are not supported Gustav...
kernel security and bug fix update
kernel 2.6.18-371.12.1.0.1 - ocfs2: dlm: fix recovery hung Junxiao Bi orabug 13956772 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add getuserpagesfast orabug 14277030 - oprofile export getuserpagesfast function orabug 14277030 - oprofile oprofile, x86: Fix nmi-unsafe...