
17 matches found

Tenable Nessus
added 2026/05/11 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: jetty (UTSA-2026-017459)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017459 advisory. For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not...

CVSS 3.6, AI score 6.7, EPSS 0.00271
Exploits: 1, References: 4
Snyk
added 2026/04/03 2:41 a.m., 0 views

Use After Free

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the download save dialog callback process. An attacker can cause a crash or memory...

CVSS 8.8, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 2
Snyk
added 2026/04/03 2:41 a.m., 2 views

Use After Free

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the download save dialog callback process. An attacker can cause a crash or memory corruption by triggeri...

CVSS 8.8, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 2
Positive Technologies
added 2026/04/03 12:0 a.m., 2 views

PT-2026-30002

Impact Apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps tha...

CVSS 5.8, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 4
NVD
added 2026/03/20 4:16 a.m., 1 views

CVE-2026-32942

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...

CVSS 9.3, EPSS 0.00059
Exploits: 0, References: 3
OSV
added 2026/03/20 3:43 a.m., 0 views

CVE-2026-32942 PJSIP has ICE session use-after-free race conditions

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...

CVSS 9.3, AI score 5.8, EPSS 0.00059
Exploits: 0, References: 5
AlpineLinux
added 2026/03/20 3:43 a.m., 1 views

CVE-2026-32942

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...

CVSS 9.3, AI score 5.3, EPSS 0.00059
Exploits: 0
CNNVD
added 2026/03/20 12:0 a.m., 4 views

PJSIP resource management error vulnerability

PJSIP is a free and open-source multimedia communication library developed in C. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. PJSIP versions 2.16 and earlier contained a resource management vulnerability caused by a race condition...

CVSS 9.3, AI score 5.8, EPSS 0.00059
Exploits: 0, References: 3
OSV
added 2025/07/19 10:59 a.m., 4 views

CLSA-2025-1752922753 nodejs: Fix of CVE-2024-27983

CVE-2024-27983: ensure to close stream when destroying session to prevent memory leak...

CVSS 8.2, AI score 7.1, EPSS 0.75933
Exploits: 1, References: 1
SUSE CVE
added 2024/03/06 4:34 a.m., 2 views

SUSE CVE-2023-52503

In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix use-after-free vulnerability in amdtee_close_session. There is a potential race condition in amdtee_close_session that may cause use-after-free in amdtee_open_session. For instance, if a session has refcount == 1, and o...

CVSS 4.5, AI score 6.3, EPSS 0.00029
Exploits: 0, References: 11
SUSE CVE
added 2023/02/15 3:40 a.m., 2 views

SUSE CVE-2021-34428

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being...

CVSS 3.6, AI score 8.7, EPSS 0.00271
Exploits: 1, References: 3
RedHat Linux
added 2021/09/30 9:57 a.m., 2 views

jetty: SessionListener can prevent a session from being invalidated breaking logout

A flaw was discovered in the jetty-server, where if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts, this could result in a session not being...

CVSS 3.6, AI score 7.2, EPSS 0.00271
Exploits: 1, References: 5
Cvelist
added 2021/06/22 2:45 p.m., 24 views

CVE-2021-34428

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being...

CVSS 2.9, AI score 5.8, EPSS 0.00271
Exploits: 1, References: 12
Hacker One
added 2014/06/23 2:2 a.m., 26 views

Uzbey: All Active user sessions should be destroyed when user change his password!

Hello, There is a user sessions issue on your application that should be fixed. Proof of Concept: Suppose you have an account on uzbey. Somehow an attacker manages to get your password and logs in to your account. After knowing that your ID has been compromised what you'll...

Exploits: 0
Hacker One
added 2014/04/30 3:25 a.m., 18 views

C2FO: All Active user sessions should be destroyed when user change his password!

Hello, There is a user sessions issue on your application that should be fixed. Proof of Concept: Suppose you have an account on C2FO app.c2fo.com. Somehow an attacker manages to get your password and logs in to your account. After knowing that your ID has been compromise...

Exploits: 0
Hacker One
added 2014/04/11 5:34 a.m., 31 views

IRCCloud: iOS application does not destroy session upon logout.

After a user logs out of the iOS application, the server should be destroying the user's session. However, this is not occurring in the iOS application. When the log out request is made, the following request and response is sent and received from the server: REQUEST: POST /apn-unregister HTTP/1....

AI score 0.9
Exploits: 0
securityvulns
added 2007/11/26 12:0 a.m., 60 views

two bytehoard 2.1 bugs

Application: Bytehoard Versions: 2.1 alpha to epsilon Release Date: 2007-11-26 Author: Ernesto Alvarez / Activesec SA Kudos to: Rodrigo Seguel / Activesec SA for suggesting the session destruction approach Contact info: ealvarez at activesec biz Developer response: None. No response to mail, foru...

AI score 8.1
Exploits: 0