Lucene search

24 matches found

Vulnrichment
added 2026/01/12 5:15 p.m. | 2 views

CVE-2026-22050

ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which could allow a privileged remote attacker to set the snapshot expiry time to none...

6.9 CVSS | 6.4 AI score | 0.0006 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/08/29 10:1 a.m. | 3 views

CVE-2025-4643 Lack of JWT Expiration after Log Out in PayloadCMS

Payload uses JSON Web Tokens (JWT) for authentication. After logout, the JWT is not invalidated, which allows an attacker who has stolen or intercepted a token to freely reuse it until its expiration date, which is set to 2 hours by default but can be changed. This issue has been fixed in version 3.44.0 of...

6.3 CVSS | 6.4 AI score | 0.0006 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2024/11/15 6:54 a.m. | 23 views

CVE-2024-9681

A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended. Mitigation: Mitigation for this issue is either not available or the currently available options do not mee...

2.5 CVSS | 6.1 AI score | 0.00745 EPSS
Exploits: 1 | References: 4

Cvelist
added 2024/11/06 7:47 a.m. | 21 views

CVE-2024-9681 HSTS subdomain overwrites parent cache entry

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl-using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

0.00745 EPSS
Exploits: 1 | References: 3

CVE
added 2024/11/06 7:47 a.m. | 351 views

CVE-2024-9681

The CVE describes a vulnerability in curl where, when HSTS is used, a subdomain’s Strict-Transport-Security expiry can bleed into the parent domain, causing http://[example] to be redirected to HTTPS for an incorrect time window. This can cause HTTP requests to example.com to be unexpectedly serv...

6.5 CVSS | 6.7 AI score | 0.00745 EPSS
Exploits: 1 | References: 13 | Affected Software: 1

Cvelist
added 2024/05/13 7:39 p.m. | 28 views

CVE-2024-34709 Directus Lacks Session Tokens Invalidation

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.0, session tokens function like the other JWT tokens where they are not actually invalidated when logging out. The directus_session gets destroyed and the cookie gets deleted but if the cookie value is...

5.4 CVSS | 5.9 AI score | 0.00226 EPSS
Exploits: 1 | References: 2

Code423n4
added 2023/09/11 12:0 a.m. | 10 views

Expiry time is of no use

Vulnerability details. Impact: DelegateToken holder can withdraw before expiry. Even if the principalToken holder extends the time it is of no use. And anyone can withdraw any delegateTokenId and send all the tokens to their address. Proof of Concept: The withdraw function in the...

6.8 AI score
Exploits: 0

Veracode
added 2023/07/12 2:50 a.m. | 15 views

Session Fixation

graylog2-server is vulnerable to Session Fixation. The vulnerability exists because a node may still have the session cached even when a user has explicitly logged out, which allows the session to still be used for API requests until it has reached its original expiry time...

3.1 CVSS | 6.8 AI score | 0.00213 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OpenVAS
added 2022/09/20 12:0 a.m. | 13 views

TYPO3 Password Reset Vulnerability (TYPO3-CORE-SA-2022-008)

TYPO3 is prone to a password reset vulnerability...

5.4 CVSS | 5.5 AI score | 0.00198 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2021/09/22 11:38 p.m. | 56 views

Security Bulletin: Vulnerability in httpd (CVE-2018-17199 and CVE-2018-1301).

Summary: The Apache HTTP Server (httpd) is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2018-1301. DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds access error after a header size lim...

7.5 CVSS | 0.10459 EPSS
Exploits: 0

Tenable Nessus
added 2020/12/09 12:0 a.m. | 45 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2020-0066)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities: - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is...

7.5 CVSS | 6.4 AI score | 0.13193 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2020/12/09 12:0 a.m. | 40 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2020-0110)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by multiple vulnerabilities: - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is...

7.5 CVSS | 6.4 AI score | 0.13193 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2020/04/01 12:0 a.m. | 97 views

RHEL 7 : httpd (RHSA-2020:1121)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1121 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_session_cookie...

7.5 CVSS | 6.6 AI score | 0.13193 EPSS
Exploits: 0 | References: 16

Tenable Nessus
added 2020/02/25 12:0 a.m. | 58 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1155)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the 'PROXY' protocol, a...

9.1 CVSS | 6.8 AI score | 0.4206 EPSS
Exploits: 1 | References: 6

OpenVAS
added 2020/01/23 12:0 a.m. | 44 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1389)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS | 9.1 AI score | 0.9384 EPSS
Exploits: 13 | References: 2

Veracode
added 2019/11/21 12:17 a.m. | 52 views

Improper Session Management

mod_session_cookie has improper session management as it does not respect expiry time...

7.5 CVSS | 2.2 AI score | 0.10459 EPSS
Exploits: 0 | References: 41 | Affected Software: 12

Tenable Nessus
added 2019/03/11 12:0 a.m. | 262 views

openSUSE Security Update : apache2 (openSUSE-2019-305)

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838) - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839) Non-security issue fixed: -...

7.5 CVSS | 6.2 AI score | 0.10459 EPSS
Exploits: 0 | References: 5

OpenVAS
added 2019/03/09 12:0 a.m. | 74 views

openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:0305-1)

The remote host is missing an update for the...

7.5 CVSS | 7.1 AI score | 0.10459 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2019/03/07 12:0 a.m. | 47 views

openSUSE Security Update : apache2 (openSUSE-2019-296)

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838) - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839) Non-security issue fixed: -...

7.5 CVSS | 6.2 AI score | 0.10459 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2019/02/27 12:0 a.m. | 262 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0498-1)

This update for apache2 fixes the following issues: Security issues fixed: CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838) CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839) Non-security issue fixed:...

7.5 CVSS | 6.3 AI score | 0.10459 EPSS
Exploits: 0 | References: 8