21 matches found
CLSA-2026-1779358008 Fix CVE(s): CVE-2026-5773
SECURITY UPDATE: libcurl may reuse the wrong connection for SMBS transfers, leading to access of an unintended SMB share with the same credentials. - debian/patches/CVE-2026-5773.patch: disable connection reuse for SMBS in lib/url.c by returning early from ConnectionExists when the requested...
CVE-2026-44511
Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...
Katalyst Koi code issue vulnerability
Katalyst Koi is an open-source framework developed by Katalyst Interactive for building and managing backend features. Versions of Katalyst Koi prior to 4.20.0 and 5.6.0 contained code vulnerabilities. These vulnerabilities stemmed from the fact that the administrator session cookie did not expir...
MiracleLinux 7 : httpd-2.4.6-93.0.1.el7.AXS7 (AXSA:2020-006:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-006:01 advisory. httpd: mod_session_cookie does not respect expiry time CVE-2018-17199 httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language...
RockyLinux 10 : libsoup3 (RLSA-2025:19720)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:19720 advisory. libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup CVE-2025-4945 Tenable has extracted the preceding description block directly from the...
RLSA-2025:19720 Low: libsoup3 security update
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...
Oracle Linux 10 : libsoup3 (ELSA-2025-19720)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-19720 advisory. - Revert 'Fix handling of invalid dates in cookie expires attribute CVE-2025-11021' - Fix handling of invalid dates in cookie expires attribute CVE-2025-11021...
SUSE-SU-2025:03091-1 Security update for libsoup2
This update for libsoup2 fixes the following issues: - CVE-2025-4945: Fixed Integer Overflow in Cookie Expiration Date Handling in libsoup bsc1243314...
UBUNTU-CVE-2022-48989
In the Linux kernel, the following vulnerability has been resolved: fscache: Fix oops due to race with cookie_lru and use_cookie If a cookie expires from the LRU and the LRU_DISCARD flag is set, but the state machine has not run yet, it's possible another thread can call fscache_use_cookie and begin t...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a race condition in the fscache component when a cookie expires...
CVE-2023-37570
This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. By reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system...
Nakama code issue vulnerability
Nakama is a distributed server for social and real-time games and applications. A code issue vulnerability exists in Nakama that stems from the fact that session cookies do not expire upon logout and can therefore be used after logout...
CVE-2021-27924
An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires...
openSUSE Security Update : links (openSUSE-2019-2185)
This update for links fixes the following issues : links was updated to 2.20.1 : - libevent bug fixes links was updated to 2.20 : - Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with...
OPENSUSE-SU-2019:2185-1 Security update for links
This update for links fixes the following issues: links was updated to 2.20.1: libevent bug fixes links was updated to 2.20: Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with...
Security update for links (moderate)
openSUSE Security Update: Security update for links Announcement ID: openSUSE-SU-2019:2185-1 Rating: moderate References: 1149886 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that contains security fixes can now be...
SUSE-SU-2019:0888-2 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2018-17199: A bug in Apache's 'mod_session_cookie' led to an issue where the module did not respect a cookie's expiry time. bsc1122839 CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout...
SUSE-SU-2019:0888-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2018-17199: A bug in Apache's 'mod_session_cookie' led to an issue where the module did not respect a cookie's expiry time. bsc1122839 CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout...
OPENSUSE-SU-2019:0296-1 Security update for apache2
This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies bsc1122838 - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time bsc1122839 Non-security issue fixed: -...
SUSE-SU-2019:0504-1 Security update for apache2
This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies bsc1122838 - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time bsc1122839 Non-security issue fixed: -...