75 matches found
Missing XML Validation
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Missing XML Validation of the NotOnOrAfter timestamp in SubjectConfirmationData when SAML is configured to ac...
EUVD-2007-4634
Malware in sbrugna...
EUVD-2007-0899
Malware in sbrugna...
EUVD-2007-0900
Malware in sbrugna...
EUVD-2006-3015
Malware in sbrugna...
EUVD-2010-1161
Malware in sbrugna...
EUVD-2022-3220
Malicious code in bioql PyPI...
SUSE-SU-2025:20395-1 Security update for sqlite3
This update for sqlite3 fixes the following issues: - Update to release 3.49.1: Improve portability of makefiles and configure scripts. CVE-2025-29087: Fixed Integer Overflow in SQLite concat Function (bsc#1241020) CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component...
Security update for sqlite3
This update for sqlite3 fixes the following issues: Update to release 3.49.1: Improve portability of makefiles and configure scripts. CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very lar...
SUSE-SU-2025:20323-1 Security update for sqlite3
This update for sqlite3 fixes the following issues: - Update to release 3.49.1: Improve portability of makefiles and configure scripts. CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very...
OpenVPN Server versions 2.6.0 <= 2.6.10 Session Extension Vulnerability
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session. #%NASL_MIN_LEVEL 80900 # (C) Tenable, Inc. include('compat.inc'); if (description) { script_id(208125); script_version("1.3");...
SUSE CVE-2024-28882
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...
DEBIAN-CVE-2024-28882
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...
GHSA-3FQM-FRHG-7C85 Graylog user session is still usable after logout
Summary: In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Details: Each node maintains an in-memory cache of user sessions. Upon a cache-miss, the session is loaded from the...
PT-2023-5707 · Graylog · Graylog
Name of the Vulnerable Software and Affected Versions: Graylog versions prior to 5.0.9; Graylog versions prior to 5.1.3. Description: The issue is related to the incorrect session expiration in a multi-node Graylog cluster. After a user has explicitly logged out, a user session may still be used fo...
SUSE CVE-2006-0207
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function...
SUSE CVE-2006-3018
Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption...
SUSE CVE-2007-0905
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383...
SUSE CVE-2007-1522
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an...
SUSE CVE-2007-1700
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the...