18 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A null pointer dereference issue in destroy_previous_session has been fixed. If the ->PreviousSessionId is set during the Kerberos session setup phase, a null pointer dereference error may occur. Since sess->user is not set ye...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38191)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38191 advisory. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in...
EUVD-2025-20065
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-38191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix null pointer dereference in destroy_previous_session If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error...
ksmbd: fix null pointer dereference in destroy_previous_session
...
SUSE CVE-2025-38191
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in destroy_previous_session If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess->user is not set yet, it can pass the user...
DEBIAN-CVE-2025-38191
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in destroy_previous_session If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess->user is not set yet, it can pass the user...
UBUNTU-CVE-2025-38191
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in destroy_previous_session If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess->user is not set yet, it can pass the user...
CVE-2025-38191 ksmbd: fix null pointer dereference in destroy_previous_session
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in destroy_previous_session If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess->user is not set yet, it can pass the user...
PT-2025-27966
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A null pointer dereference error occurs in the Linux kernel when a client sets the PreviousSessionId during the Kerberos session setup stage. This happens because sess->user is not set...
CVE-2024-52553
Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b6d and earlier does not invalidate the previous session on login...
Jenkins plugin OpenId Connect Authentication code issue vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
CVE-2023-33005
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login...
CVE-2023-24456
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login...
PT-2023-19616 · Jenkins · Jenkins Keycloak Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Keycloak Authentication Plugin versions 2.3.0 and earlier Description: The issue arises because the plugin does not invalidate the previous session on login, which could lead to security concerns. Recommendations: For versions 2.3.0 a...
PT-2023-19604 · Jenkins · Jenkins Openid Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenID Plugin versions 2.4 and earlier Description: The issue arises because the plugin does not invalidate the previous session on login. Recommendations: For Jenkins OpenID Plugin versions 2.4 and earlier, update to a version later...
CVE-2022-25896
A misleading session regeneration flaw was found in passport. When a user logs in or logs out, the session is regenerated instead of being closed. This flaw allows an attacker to use a previous session in particular environments. Mitigation: Mitigation for this issue is either not available or the...
IBM Cloud Pak for Security Information Disclosure Vulnerability
IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. An information disclosure vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the product's failure...