Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.17 views

CVE-2026-5066

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...

6.3CVSS6AI score0.00217EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/05/26 2:47 a.m.92 views

curl: TLS conn reuse and session cache ignore fsslctx callback and ssl_config_data flags ( incomplete fix variant of 7541ae569 )

Summary matchsslprimaryconfig in lib/vtls/vtls.c:194 and the session-cache key built by cfsslpeerkeybuild in lib/vtls/vtlsscache.c:240 both compare only struct sslprimaryconfig fields when deciding whether to reuse a TLS connection or cached session. Several fields that materially change the TLS...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/03/11 5:17 a.m.5 views

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

10CVSS7.1AI score0.01945EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.8 views

RockyLinux 10 : skopeo (RLSA-2026:3343)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3343 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion i...

10CVSS6AI score0.01945EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2026/03/01 12:0 a.m.6 views

RockyLinux 9 : runc (RLSA-2026:3291)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3291 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...

10CVSS6AI score0.01945EPSS
Exploits3References7
OSV
OSV
added 2026/02/25 12:0 a.m.9 views

ALSA-2026:3291 Important: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in query...

10CVSS6AI score0.01945EPSS
Exploits3References8
OSV
OSV
added 2026/02/05 6:16 p.m.12 views

AZL-76665 CVE-2025-68121 affecting package msft-golang for versions less than 1.24.12-1

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

10CVSS6.7AI score0.00765EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0258

Malware in sbrugna...

5.4CVSS5.4AI score0.00644EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2462

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01706EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.5 views

CVE-2022-2888

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists...

4.4CVSS6.7AI score0.00284EPSS
Exploits1References1
NVD
NVD
added 2025/05/07 11:15 p.m.23 views

CVE-2025-35939

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS0.01119EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/03/18 12:0 a.m.17 views

CVE-2024-24539

FusionPBX before 5.2.0 does not validate a session...

6.8AI score0.00526EPSS
Exploits0References2
NVD
NVD
added 2022/02/09 6:15 p.m.11 views

CVE-2021-45330

An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse...

9.8CVSS0.01447EPSS
Exploits0References1
CNVD
CNVD
added 2017/07/05 12:0 a.m.6 views

Siemens OZW672 and OZW772 Data Read/Write Vulnerability

Siemens OZW672 and OZW772 are both building controller products from Siemens, Germany. A data read/write vulnerability exists in the Siemens OZW672 and OZW772. An attacker can exploit the vulnerability to read and write historical measurement data under certain conditions, or read and modify data...

6.5CVSS6.8AI score0.00761EPSS
Exploits0References1
OSV
OSV
added 2014/07/20 12:0 a.m.4 views

UBUNTU-CVE-2014-4342

MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session...

5CVSS7.2AI score0.06523EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2012/12/27 11:47 a.m.18 views

CVE-2012-5868

WordPress 3.4.2 does not invalidate a wordpresssec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack...

2.6CVSS5.9AI score0.02432EPSS
Exploits1References2
Vulnerability Lab
Vulnerability Lab
added 2011/10/17 12:0 a.m.24 views

Skype Software Vulnerabilities - 0 Day Exploitation 2011

Document Title: =============== Skype Software Vulnerabilities - 0 Day Exploitation 2011 References: =========== Document: https://www.vulnerability-lab.com/resources/documents/293.pdf Speaker: https://conference.hitb.org/hitbsecconf2011kul/?pageid=1757 Conference Mirror:...

0.6AI score
Exploits0
CERT
CERT
added 2003/06/04 12:0 a.m.30 views

Sun Ray Smartcard reader may leave desktop session open when card is quickly removed

Overview The Sun Ray Smartcard reader fails to properly detect a "quick removal, reinsertion and removal of a Smartcard." Description The Sun Ray is a thin client computing device designed to process user input and output, and provide access to computing services hosted by a server. Authenticatio...

6.9AI score
Exploits0References3
Rows per page
Query Builder