
13 matches found

PyPA
added 2026/05/05 4:16 p.m., 13 views

PYSEC-2026-50

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSION_SAVE_EVERY_REQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django series...

CVSS 6.5, AI score 5.8, EPSS 0.00041
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/05/05 2:50 p.m., 4 views

CVE-2026-35192 Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSION_SAVE_EVERY_REQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django serie...

CVSS 2.3, AI score 5.8, EPSS 0.00041
Exploits: 0, References: 3
Fedora
added 2022/07/20 1:40 a.m., 9 views

[SECURITY] Fedora 35 Update: deepin-daemon-5.13.49-2.fc35

Daemon handling the DDE session settings...

AI score 0.6
Exploits: 0
Veracode
added 2021/12/07 3:07 a.m., 30 views

Remote Code Execution (RCE)

WinSCP is vulnerable to remote code execution. The vulnerability exists because it does not prevent loading of session settings which allows an attacker to trigger a remote code execution via malicious URLs...

CVSS 9.8, AI score 4.7, EPSS 0.06385
Exploits: 0, References: 4, Affected Software: 2
NVD
added 2021/01/27 9:15 p.m., 15 views

CVE-2021-3331

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs...

CVSS 10, AI score 9.7, EPSS 0.06385
Exploits: 0, References: 4
OSV
added 2021/01/27 9:15 p.m., 14 views

CVE-2021-3331

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs...

CVSS 9.8, AI score 7.7
Exploits: 0, References: 4
Prion
added 2021/01/27 9:15 p.m., 7 views

Design/Logic Flaw

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs...

CVSS 10, AI score 9.6, EPSS 0.06385
Exploits: 0, References: 4, Affected Software: 1
Citrix
added 2019/05/14 12:00 a.m., 4 views

Codec H.265 not working in HDX session

H.265 not getting utilized in the HDX session with the below settings: Followed the link: https://docs.citrix.com/en-us/receiver/windows/current-release/improve/h-265-video-encoding.html Studio Policy set: 1. Graphic Status indicator - Disabled 2. Moving Image Compression - Disabled 3. Optimize...

AI score 7.1
Exploits: 0
Citrix
added 2018/08/02 12:00 a.m., 4 views

Setting up session settings in Storefront 3.12

Configure the settings to control the end user experience and specific time out durations...

AI score 7.1
Exploits: 0
Citrix
added 2018/05/10 12:00 a.m., 3 views

Receiver | keyboard language set on VDA is over ridden by the one set on the endpoint

User from non domain joined endpoint logs on the VDA Language set on the VDA is overridden by the one set on endpoint machine Receiver. We want to ensure that the keyboard language set on the VDA is the one user gets inside the session. In other words, keyboard language set on the endpoint Receiv...

AI score 7
Exploits: 0
OSV
added 2018/04/16 2:29 p.m., 1 views

CVE-2018-0533

Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors...

CVSS 4.9, AI score 5.8, EPSS 0.00749
Exploits: 0, References: 2
OSV
added 2016/02/24 12:00 a.m., 0 views

UBUNTU-CVE-2015-5346

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a...

CVSS 8.1, AI score 7.3, EPSS 0.36595
Exploits: 0, References: 3
Tenable Nessus
added 2010/08/23 12:00 a.m., 46 views

Debian DSA-2089-1 : php5 - several vulnerabilities

Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-1917 The fnmatch function can be abused to conduct denial of service attacks by crashing the interpreter by the...

CVSS 7.5, AI score 9.1, EPSS 0.04685
Exploits: 4, References: 8