77 matches found
Fedora 40 : proftpd (2025-d37ad923f5)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d37ad923f5 advisory. This update addresses a null pointer dereferencing issue that could cause the session for a client that sent specially-crafted commands to the server to cras...
USN-7108-1: AsyncSSH vulnerabilities
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. CVE-2023-46445 Fabian Bäumer, Marcus...
kernel: smb: client: fix UAF in smb2_reconnect_server()
A flaw was found in the smb client in the Linux kernel. A potential use-after-free error was seen in the smb2reconnectserver function. This issue can lead to the crash of a client user session...
K37890841: BIG-IP APM logging disclosure vulnerability CVE-2019-19150
Security Advisory Description The BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. CVE-2019-19150 Impact The BIG-IP APM system logs the client-session-id in the log files and is available to authenticated...
PT-2023-9028 · Unknown +11 · Crypto/Tls +11
Name of the Vulnerable Software and Affected Versions: crypto/tls versions prior to the fixed version Description: The issue is related to large handshake records that may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records, which can cause servers and client...
MGASA-2021-0313 Updated live packages fix security vulnerabilities
Updated live packages fix security vulnerabilities: Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors CVE-2019-15232...
Unspecified vulnerability in Ratpack (CNVD-2021-52414)
Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in Ratpack versions prior to 1.9.0, which stems from a default configuration of a client session that results in unencrypted but signed data being set as a cookie value. An attacker could exploit th...
CVE-2020-28390
A vulnerability has been identified in Opcenter Execution Core V8.2, Opcenter Execution Core V8.3. The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords o...
CVE-2020-28390
A vulnerability has been identified in Opcenter Execution Core V8.2, Opcenter Execution Core V8.3. The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords o...
AdRem NetCrunch Authorization Issues Vulnerability
Adrem Netcrunch is a device monitoring software from the American company Adrem. The software monitors Windows, Linux, Mac OS X, BSD, NetWare, and SNMP devices based on SNMP sources, Windows event logs, and Syslog servers. AdRem NetCrunch 10.6.0.4587 suffers from an authorization issue...
Security fix for the ALT Linux 9 package openvpn version 2.4.9-alt1
2.4.9-alt1 built Nov. 19, 2020 Nikolay A. Fetisov in task 261903 Nov. 16, 2020 Nikolay A. Fetisov - New version - Security fixes: + CVE-2020-11810: race condition allowes one client kills other client session via false client floating Closes: 39122...
F5 Networks BIG-IP : BIG-IP APM logging disclosure vulnerability (K37890841)
The BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.CVE-2019-19150 Impact The BIG-IP APM system logs the client-session-id in the log files and is available to authenticated administrators of the system. C Tenable...
CVE-2019-19150
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...
CVE-2019-19150
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...
CVE-2019-19150
The CVE-2019-19150 issue affects BIG-IP APM and causes the system to log the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. Affected versions per published advisories include 15.0.0–15.0.1, 14.1.0–14.1.2, 14.0.0–14.0.1, 13.1.0–13.1.3.1, 1...
CVE-2019-19150
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...
F5 BIG-IP APM Log Leakage Vulnerability
F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A security vulnerability exists in F5 BIG-IP APM versions 15.0.0 through 15.0.1, 14.1.0 through 14.1.2, and 14.0.0 through 14.0.1, which stems...
Live555 Streaming Media < 2019.08.16 Use-After-Free Vulnerability - Linux
Live555 Streaming Media is prone to a Use-After-Free vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-15232
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors...
Design/Logic Flaw
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors...