51 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-68284
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: prevent potential out-of-bounds writes in handleauthsessionkey The len field originates from untrusted network packets. Boundary checks have been added...
org.keycloak.protocol.oidc.endpoints.LogoutEndpoint: Offline Session takeover due to reused Authentication Session ID
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...
EUVD-2024-37882
Malicious code in bioql PyPI...
EUVD-2024-0799
Malicious code in bioql PyPI...
EUVD-2025-0015
Malicious code in bioql PyPI...
EUVD-2025-20195
Malicious code in bioql PyPI...
EUVD-2025-20194
Malicious code in bioql PyPI...
EUVD-2022-36188
Malicious code in bioql PyPI...
CVE-2023-52440
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbddecodentlmsspauthblob If authblob-SessionKey.Length is bigger than session key sizeCIFSKEYSIZE, slub overflow can happen in key exchange codes. cifsarc4crypt copy to session key array from...
CVE-2021-21621
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user basic authentication details only" information, which can include the session ID of the user creating the support bundle in some configurations...
CVE-2019-1003019
An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...
Race Condition
pgAdmin is vulnerable to Race Condition. The vulnerability is due to improper session handling in server mode with LDAP authentication, where simultaneous login attempts can result in users being attached to another user's session...
CVE-2023-1907
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...
CVE-2023-1907 Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...
PT-2024-2166 · Vmware +1 · Vmware Enhanced Authentication Plug-In +1
Name of the Vulnerable Software and Affected Versions: VMware Enhanced Authentication Plug-in affected versions not specified Description: The issue is related to a Session Hijack vulnerability in the Deprecated VMware Enhanced Authentication Plug-in. This could allow a malicious actor with...
SUSE CVE-2014-4342
MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session...
SUSE CVE-2018-1000173
A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...
JSA10617 - 2014-03 Security Bulletin: Pulse Connect Secure: Cross site scripting issue (CVE-2014-2291)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in the Pulse Connect Secure product. The problem is a result of incorrect user input validation on the web server. The issue exists within a...
GHSA-92PH-XM9V-CG3J Magento Broken authentication and session managememt
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management...
GHSA-4PJX-86PG-X4J5 Jenkins SAML Plugin Session Fixation vulnerability
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session. SAML Plugin 1.0.7 invalidates the previous session during login and create...