26 matches found
CVE-2026-40939
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...
CVE-2026-40939 DSF: Missing Session Timeout for OIDC Sessions
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...
CVE-2026-40939
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...
CVE-2026-40939 DSF: Missing Session Timeout for OIDC Sessions
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...
Data Sharing Framework 代码问题漏洞
Data Sharing Framework is an open-source distributed medical data sharing and processing framework based on BPMN and FHIR. Versions of Data Sharing Framework prior to 2.1.0 contained code vulnerabilities. These vulnerabilities stemmed from OIDC authentication sessions not having a maximum...
CVE-2026-5376 runZero Platform session timeout failure
An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...
CVE-2026-5376 runZero Platform session timeout failure
An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...
CVE-2025-25195 Zulip events can leak private channel names
Zulip is an open source team chat application. A weekly cron job added in 50256f48314250978f521ef439cafa704e056539 demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to all users in the organization, not just users in...
Uptime Kuma has Persistentent User Sessions
Summary Attackers with access to a users' device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity-periods. Details uptime-kuma sets JWT tokens for users after successful authentication. These tokens have...
CVE-2015-5361
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions gates are specific to source and destination IPs and ports of client and server. The design intent of the...
Design/Logic Flaw
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions gates are specific to source and destination IPs and ports of client and server. The design intent of the...
PT-2020-7862 · Juniper Networks · Srx +1
Name of the Vulnerable Software and Affected Versions: SRX affected versions not specified Description: The issue arises from the ftps-extensions option, which is disabled by default. This option is intended to provide functionality similar to regular, unencrypted FTP traffic when the SRX secures...
PT-2019-16881 · Ibm · Ibm Tivoli Storage Productivity Center
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Productivity Center versions 5.2.1 through 5.2.17 Description: The issue allows users to remain idle within the application even after logging out, and by utilizing the application's back button, users can remain logged in...
Sessions never expire due to continuous XHR
Summary Sessions in Bamboo are supposed to have a default inactivity timeout of 30 minutes see https://confluence.atlassian.com/bamkb/how-to-change-bamboo-user-session-timeout-848977292.html, however regardless of which timeout period is set, sessions never time out if a user doesn't close their...
Sessions never expire due to continuous XHR
Summary Sessions in Bamboo are supposed to have a default inactivity timeout of 30 minutes see https://confluence.atlassian.com/bamkb/how-to-change-bamboo-user-session-timeout-848977292.html, however regardless of which timeout period is set, sessions never time out if a user doesn't close their...
Security Bulletin: Privilege Escalation vulnerability affects Cognos Analytics (CVE-2016-8960)
Summary Cognos Analytics is vulnerable to a privilege escalation attack that could grant a user the Capabilities of another. Vulnerability Details CVEID: CVE-2016-8960 DESCRIPTION: IBM Cognos Business Intelligence could allow a user with lower privilege Capabilities to adopt the Capabilities of a...
CVE-2016-5109 - Authentication bypass vulnerability in Citrix Worx Home for iOS and Citrix MDX Toolkit for iOS
Description of Problem A vulnerability has been identified that affects iOS applications using the XenMobile MDX Toolkit. An attacker with physical access to the device could bypass in-application Apple Touch ID authentication in some cases where re-authentication is required. This vulnerability...
Authentication Prompt Not Honoring Inactivity/Session Timeout Values on XenMobile
Authentication prompt is not honoring inactivity timeout value XenMobile 9.0 or the session timeout value specified XenMobile 10.0...
Ubuntu: Security Advisory (USN-1716-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 12.10 : gnome-screensaver vulnerability (USN-1716-1)
It was discovered that gnome-screensaver did not start automatically after logging in. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session. Note that Tenable Network...