30 matches found
UBUNTU-CVE-2026-43916
pamauthnft is a PAM session module binding nftables firewall rules to...
CVE-2026-43916
pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...
Linux Distros Unpatched Vulnerability : CVE-2013-10075
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile...
Apache::Session::Generate::MD5 安全漏洞
Apache::Session::Generate::MD5 is a session management module provided by the Apache Foundation. Versions of Apache::Session::Generate::MD5 prior to 1.94 contained security vulnerabilities. These vulnerabilities stemmed from the recreation of deleted sessions, which could lead to the restoration ...
Linux Distros Unpatched Vulnerability : CVE-2026-5081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in versio...
CVE-2026-3256
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...
Linux Distros Unpatched Vulnerability : CVE-2025-40931
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The...
CVE-2025-40931
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come fro...
CVE-2018-25160
HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject...
EUVD-2025-27539
Malicious code in bioql PyPI...
CVE-2025-10225
Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 in the OpenSSL-based session module in AxxonSoft Axxon One C-Werk 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering...
CVE-2025-10225 Incorrect Memory Allocation in OpenSSL-Based Session Module in AxxonSoft Axxon One (C-Werk)
Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 in the OpenSSL-based session module in AxxonSoft Axxon One C-Werk 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering...
CVE-2025-10225
CVE-2025-10225 affects AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows, in the OpenSSL-based session module. The issue is an improper restriction of operations within a memory buffer (CWE-119) that can trigger memory reallocation errors when handling expired session keys under high load...
PT-2025-37044
Name of the Vulnerable Software and Affected Versions: AxxonSoft Axxon One versions 2.0.6 and earlier Description: A flaw exists in the OpenSSL-based session module that, under high load conditions, can lead to application crashes or unpredictable behavior. This is due to memory reallocation erro...
AxxonSoft AxxonOne 安全漏洞
AxxonSoft AxxonOne is a video surveillance and security management software from AxxonSoft Ireland. A security vulnerability exists in AxxonSoft AxxonOne version 2.0.6 and prior versions, which stems from improperly restricted memory buffer manipulation in the OpenSSL-based session module, and...
MAL-2025-33015 Malicious code in session-jmodule (npm)
The package session-jmodule was found to contain malicious code...
Ubuntu: Security Advisory (USN-320-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-29480
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is n...
Default configuration
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is n...
CVE-2021-29480
CVE-2021-29480 affects Ratpack prior to 1.9.0, where the client-side session module uses the application startup time as the signing key by default. If an attacker can determine this time and encryption is not enabled, session data could be tampered with via cookie manipulation. As of Ratpack 1.9...