5 matches found
CVE-2026-44693
Pi-hole FTL contains a race condition in the HTTP session management subsystem (global session buffer) introduced with the v6.0 CivetWeb rewrite, allowing unauthenticated session hijacking. It affects versions prior to 6.6.1 and is patched in 6.6.1. CVSS v3.1 is 8.8 (Network, Privileges None, Use...
CVE-2026-44693 Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer
Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...
Amazon Linux 2023 : openvpn, openvpn-devel (ALAS2023-2026-1644)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1644 advisory. According to upstream advisory https://community.openvpn.net/Security%20Announcements/CVE-2026-35058: OpenVPN server crash via ASSERT triggered by malformed tls-crypt-v2 packet; attacker with ...
The vulnerability of the sess_free_buffer() function in the fs/cifs/sess.c module of the SMB file system in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the sessfreebuffer function in the fs/cifs/sess.c module of the SMB file system in Linux operating systems is related to the reallocation of previously released memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2021-44538
The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...