1611 matches found
CVE-2023-53052
CVE-2023-53052 is a Linux kernel vulnerability in the CIFS/DFS codebase, where a use-after-free (UAF) bug occurred when DFS root sessions were kept alive in cifs_umount() during the DFS cache refresher. The fix makes DFS root sessions have the same lifetime as DFS tcons to prevent IPCs from acces...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the refresh_cache_worker function accessing a freed DFS session at umount, which could lead to reuse after...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ice driver not disabling the txq interrupt before refreshing the hardware, which could lead to null...
DEBIAN-CVE-2022-49882
In the Linux kernel, the following vulnerability has been resolved: KVM: Reject attempts to consume or refresh inactive gfn_to_pfn_cache Reject kvm_gpc_check and kvm_gpc_refresh if the cache is inactive. Not checking the active flag during refresh is particularly egregious, as KVM can end up with a vali...
CVE-2022-49882 KVM: Reject attempts to consume or refresh inactive gfn_to_pfn_cache
In the Linux kernel, the following vulnerability has been resolved: KVM: Reject attempts to consume or refresh inactive gfn_to_pfn_cache Reject kvm_gpc_check and kvm_gpc_refresh if the cache is inactive. Not checking the active flag during refresh is particularly egregious, as KVM can end up with a vali...
CVE-2022-49882
CVE-2022-49882 concerns the Linux kernel KVM gfn_to_pfn_cache handling. The issue arises when the cache is inactive but refreshed without verifying the active flag, potentially leaving a valid but inactive cache and enabling use-after-free scenarios (e.g., dereferencing NULL kernel pointers or mi...
Meon KYC authorization issue vulnerability
Meon KYC is a solution from Meon India. Meon KYC suffers from an authorization issue vulnerability that stems from the mishandling of access and refresh tokens by certain API endpoints during the authentication process, which could lead to unauthorized access to other user accounts...
CVE-2025-32068 Revoking authorization of OAuth2 consumer does not invalidate refresh tokens
Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass. This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43...
fence-agents security update
4.10.0-76.6 - fence_ibm_vpc: refresh bearer-token if token data is corrupt, and avoid edge-case of writing empty token file Resolves: RHEL-83487 4.10.0-76.5 - bundled jinja2: fix CVE-2025-27516 Resolves: RHEL-82712...
dotnet: Privilege Escalation Vulnerability in .NET SignInManager.RefreshSignInAsync Method
A flaw was found in the SignInManager.RefreshSignInAsync method. This flaw allows an attacker with local access and low privileges to escalate privileges. The issue might lead to unauthorized access or manipulation of authentication sessions...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsync method, which does not verify the identity of the calling TUser, allowing an attacker to escalate privileges to that of another user. Remediation Upgrade...
Improper Authentication
Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsync...
Improper Authentication
Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsync...
Improper Authentication
Overview Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsync...
Improper Authentication
Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsync...
CVE-2025-27403
The CVE describes a vulnerability in Ratify where Azure authentication providers could exchange an Entra ID token for an ACR refresh token without verifying that the target registry is an Azure Container Registry. This could allow EID tokens with ACR access to be exposed if a workload references ...
Fedora 40 : man2html (2025-a778f51bce)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a778f51bce advisory. Refresh patches Add -std=gnu17 to CFLAGS to fix the build 042-man2html-CVE-2021-40647.patch Add more patches from Debian Tenable has extracted the preceding...
drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
...