18 matches found
CVE-2026-5066
A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...
curl: TLS conn reuse and session cache ignore fsslctx callback and ssl_config_data flags ( incomplete fix variant of 7541ae569 )
Summary matchsslprimaryconfig in lib/vtls/vtls.c:194 and the session-cache key built by cfsslpeerkeybuild in lib/vtls/vtlsscache.c:240 both compare only struct sslprimaryconfig fields when deciding whether to reuse a TLS connection or cached session. Several fields that materially change the TLS...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
RockyLinux 10 : skopeo (RLSA-2026:3343)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3343 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion i...
RockyLinux 9 : runc (RLSA-2026:3291)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3291 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...
ALSA-2026:3291 Important: runc security update
The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in query...
AZL-76665 CVE-2025-68121 affecting package msft-golang for versions less than 1.24.12-1
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...
EUVD-2020-0258
Malware in sbrugna...
EUVD-2022-2462
Malicious code in bioql PyPI...
CVE-2022-2888
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists...
CVE-2025-35939
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...
CVE-2024-24539
FusionPBX before 5.2.0 does not validate a session...
CVE-2021-45330
An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse...
Siemens OZW672 and OZW772 Data Read/Write Vulnerability
Siemens OZW672 and OZW772 are both building controller products from Siemens, Germany. A data read/write vulnerability exists in the Siemens OZW672 and OZW772. An attacker can exploit the vulnerability to read and write historical measurement data under certain conditions, or read and modify data...
UBUNTU-CVE-2014-4342
MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session...
CVE-2012-5868
WordPress 3.4.2 does not invalidate a wordpresssec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack...
Skype Software Vulnerabilities - 0 Day Exploitation 2011
Document Title: =============== Skype Software Vulnerabilities - 0 Day Exploitation 2011 References: =========== Document: https://www.vulnerability-lab.com/resources/documents/293.pdf Speaker: https://conference.hitb.org/hitbsecconf2011kul/?pageid=1757 Conference Mirror:...
Sun Ray Smartcard reader may leave desktop session open when card is quickly removed
Overview The Sun Ray Smartcard reader fails to properly detect a "quick removal, reinsertion and removal of a Smartcard." Description The Sun Ray is a thin client computing device designed to process user input and output, and provide access to computing services hosted by a server. Authenticatio...