23 matches found
SUSE CVE-2026-52911
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...
CVE-2026-9162
Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...
CVE-2026-9162
Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...
CVE-2026-9162 Global session revocation does not invalidate active WebSocket connections
Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...
CVE-2026-9162
Mattermost vulnerability CVE-2026-9162 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, 10.11.x ≤ 10.11.17. The issue: global session revocation does not invalidate cached authentication state for active WebSocket connections, allowing a user with an existing WebSock...
PT-2026-51322
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.17 Mattermost versions 11.5.x through 11.5.5 Mattermost versions 11.6.x through 11.6.2 Mattermost versions 11.7.x through 11.7.0 Description An issue exists where the system fails to invalidate cached...
CVE-2026-52911
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...
CVE-2026-52911
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...
Linux Distros Unpatched Vulnerability : CVE-2026-52911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the...
CVE-2026-44693
Pi-hole FTL contains a race condition in the HTTP session management subsystem (global session buffer) introduced with the v6.0 CivetWeb rewrite, allowing unauthenticated session hijacking. It affects versions prior to 6.6.1 and is patched in 6.6.1. CVSS v3.1 is 8.8 (Network, Privileges None, Use...
CVE-2026-44693 Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer
Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...
CVE-2026-49843
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...
CVE-2026-41458
OwnTone Server versions 28.4–29.0 are affected by a race condition in the DAAP login handler that allows unauthenticated attackers to crash the server by flooding the /login endpoint due to unsynchronized access to the global DAAP session list. The CVE record indicates a fix in 29.1; upgrade to 2...
GHSA-HX52-CV84-JR5V Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers
Executive Summary A vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic...
EUVD-2017-6654
Malware in sbrugna...
DEBIAN-CVE-2025-22041
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdsessionsderegister In multichannel mode, UAF issue can occur in sessionderegister when the second channel sets up a session through the connection of the first channel. session that is freed...
CVE-2024-50286
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbdsmb2sessioncreate There is a race condition between ksmbdsmb2sessioncreate and ksmbdexpiresession. This patch add missing sessionstablelock while adding/deleting session from global session...
DEBIAN-CVE-2024-50286
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbdsmb2sessioncreate There is a race condition between ksmbdsmb2sessioncreate and ksmbdexpiresession. This patch add missing sessionstablelock while adding/deleting session from global session...
Cacti cross-site scripting vulnerability (CNVD-2017-32248)
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A cross-site scripting vulnerability exists in the...
CVE-2017-15194
include/globalsession.php in Cacti 1.1.25 has XSS related to 1 the URI or 2 the refresh page...