
39 matches found

RedhatCVE
added 2026/01/09 9:54 a.m., 4 views

CVE-2020-10581

Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management ADM through 5.0 allow remote attackers to read potentially sensitive data hosted by the application...

CVSS 7.5, AI score 6.9, EPSS 0.00292
Exploits: 0, References: 1
CVE
added 2025/12/30 12:15 p.m., 6 views

CVE-2023-54258

CVE-2023-54258 affects the Linux kernel CIFS/SMB client code. The vulnerability stems from a race between deferred closes and lease breaks in cifs_oplock_break, where an unmount (kill_sb) could observe an invalid tcon->ses if not properly synchronized. The documented fix orders the checks befo...

AI score 6.1, EPSS 0.00021
Exploits: 0, References: 4
Cvelist
added 2025/12/30 12:15 p.m., 21 views

CVE-2023-54258 cifs: fix potential oops in cifs_oplock_break

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential oops in cifs_oplock_break. With deferred close we can have closes that race with lease breaks, and so with the current checks for whether to send the lease response, oplock_response, this can mean that an unmount...

EPSS 0.00021
Exploits: 0, References: 4
Positive Technologies
added 2025/12/30 12:0 a.m., 1 views

PT-2025-54087

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the CIFS implementation, specifically in the cifs oplock break function. A race condition can occur with deferred close operations and lease break...

AI score 5.9, EPSS 0.00021
Exploits: 0
Github Security Blog
added 2025/10/23 3:30 p.m., 4 views

Keycloak does not invalidate offline sessions when the offline_access scope is removed

A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and...

CVSS 5.4, AI score 6.5, EPSS 0.00061
Exploits: 0, References: 11, Affected Software: 1
RedhatCVE
added 2025/10/23 2:19 p.m., 1 views

CVE-2025-12110

A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and...

CVSS 5.4, AI score 6, EPSS 0.00061
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-3032

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.00292
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-2176

Malware in sbrugna...

CVSS 4.3, AI score 4.9, EPSS 0.00102
Exploits: 0, References: 5
AstraLinux
added 2025/08/22 11:49 a.m., 3 views

Astra Linux - vulnerability in openvpn

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

CVSS 4.3, AI score 5.9, EPSS 0.00345
Exploits: 0, References: 3
SUSE CVE
added 2025/08/19 11:23 p.m., 2 views

SUSE CVE-2025-38562

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generate_encryption_key. If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generate_encryption_key could happen. sess->Preauth_HashValue is...

CVSS 5.5, AI score 6.3, EPSS 0.00024
Exploits: 0, References: 4
CVE
added 2025/08/19 5:2 p.m., 30 views

CVE-2025-38562

CVE-2025-38562 affects the Linux kernel ksmbd component. When a client performs two session setups with krb5 authentication to ksmbd, a null pointer dereference in generate_encryption_key could occur if sess->Preauth_HashValue is NULL while the session is valid. The fix ensures the encryption k...

CVSS 5.5, AI score 7, EPSS 0.00024
Exploits: 0, References: 9, Affected Software: 1
SUSE Linux
added 2024/10/04 2:29 p.m., 1 views

Security update for openvpn

This update for openvpn fixes the following issues: CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session (bsc1227546). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 4.3, AI score 7.2, EPSS 0.00345
Exploits: 0, References: 4
CNNVD
added 2024/07/25 12:0 a.m., 1 views

IBM Security Verify Directory and IBM Security Directory Integrator code issue vulnerability

IBM Security Verify Directory and IBM Security Directory Integrator are both products of International Business Machines (IBM). IBM Security Verify Directory is part of an authentication and access management solution. IBM Security Directory Integrator is an integrated development environment and...

CVSS 7.5, AI score 7.7, EPSS 0.00108
Exploits: 0, References: 3
OSV
added 2024/07/12 11:8 a.m., 1 views

OESA-2024-1840 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

CVSS 4.3, AI score 6.8, EPSS 0.00345
Exploits: 0, References: 2
RedhatCVE
added 2024/07/09 8:50 a.m., 23 views

CVE-2024-28882

OpenVPN 2.6.10 and earlier in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

AI score 6.6, EPSS 0.00345
Exploits: 0, References: 5
NVD
added 2024/07/08 10:15 p.m., 13 views

CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

CVSS 4.3, EPSS 0.00345
Exploits: 0, References: 2
OSV
added 2024/07/08 10:15 p.m., 1 views

ALPINE-CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

CVSS 4.3, AI score 6.9, EPSS 0.00345
Exploits: 0, References: 1
OSV
added 2024/07/08 10:15 p.m., 31 views

CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

CVSS 4.3, AI score 6.1, EPSS 0.00345
Exploits: 0, References: 2
Cvelist
added 2024/07/08 9:30 p.m., 22 views

CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

EPSS 0.00345
Exploits: 0, References: 2
CNNVD
added 2024/06/08 12:0 a.m., 2 views

ZenML Code Issue Vulnerability

ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A code issue vulnerability exists in ZenML version 0.56.3 that stems from an insufficient session validity period. An attacker exploiting this vulnerability could reuse old sessi...

CVSS 8.8, AI score 7, EPSS 0.00076
Exploits: 1, References: 2