4 matches found
PYSEC-2018-35
aio-libs aiohttp-session version 2.6.0 and earlier contains an Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appears to be exploitable via Recreation of a cookie post-expiry with the same value...
OracleVM 3.3 / 3.4 : curl (OVMSA-2017-0059)
The remote OracleVM system is missing necessary patches to address critical security updates : - treat Negotiate authentication as connection-oriented CVE-2017-2628 - fix a bug in DNS caching code that causes a memory leak 1302893 - SSH: make CURLOPT_SSH_PUBLIC_KEYFILE treat '' as NULL 1260742 - use...
curl security and bug fix update
7.19.7-37.el65.3 - fix re-use of wrong HTTP NTLM connection CVE-2014-0015 - fix connection re-use when using different log-in credentials CVE-2014-0138 7.19.7-37.el65.2 - fix authentication failure when server offers multiple auth options 1096797 7.19.7-37.el65.1 - refresh expired cookie in test1...
CVE-2014-0906
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie...