23 matches found
CVE-2026-45322
Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.runshell passes a command string...
CVE-2026-45322 OS Command Injection in Microsoft UFO Shell Action Replay via Stored Session JSON
Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.runshell passes a command string...
PT-2026-28576
Name of the Vulnerable Software and Affected Versions MCP Ruby SDK versions prior to 0.9.2 Description The Ruby SDK for Model Context Protocol servers and clients contains a session hijacking issue in its streamable http transport.rb implementation. An attacker obtaining a valid session ID can...
Session Fixation
Overview Affected versions of this package are vulnerable to Session Fixation in the authentication process when callbackmode is set to direct. An attacker can gain unauthorized access to a victim's session by initiating an authentication request and tricking the victim into visiting a crafted UR...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005004)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005004 advisory. In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found...
EUVD-2019-8782
Malware in sbrugna...
SUSE CVE-2021-47232
In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to...
UBUNTU-CVE-2021-47232
In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to...
Jenkins Security Inspector Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...
DEBIAN-CVE-2022-25304
All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...
CVE-2022-25304
All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...
CVE-2022-24381
All versions of package asneg/opcuastack are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g...
ASNeG OPC UA Stack 安全漏洞
ASNeG OPC UA Stack is an open source framework open source by ASNeG Germany. It is used to develop and distribute OPC UA client/server applications. A security vulnerability exists in ASNeG OPC UA Stack that stems from the lack of a limit on the number of received blocks total number per session ...
Denial of Service (DoS)
Overview node-opcua is an implementation of a OPC UA stack fully written in javascript and nodejs Affected versions of this package are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An...
PT-2024-11240 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a Use-after-Free problem in the Linux kernel, specifically in the can: j1939 module. The problem occurs when a skb is taken from the per-session skb queue witho...
F5 Networks BIG-IP : BIG-IP APM logging disclosure vulnerability (K37890841)
The BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.CVE-2019-19150 Impact The BIG-IP APM system logs the client-session-id in the log files and is available to authenticated administrators of the system. C Tenable...
CVE-2019-19150
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...
CVE-2019-18833
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure issue 2 of 2.. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An...
Design/Logic Flaw
The ETSI Enterprise Transport Security ETS, formerly known as eTLS protocol does not provide per-session forward secrecy...
CVE-2019-9191
The ETSI Enterprise Transport Security ETS, formerly known as eTLS protocol does not provide per-session forward secrecy...