CVE-2026-35901

The CVE-2026-35901 describes a handling issue in the RTSP service of Mercury MIPC252W (1.0.5 Build 230306 Rel.79931n). An authenticated attacker can trigger a denial-of-service by repeatedly sending SETUP requests for the same media track within a single RTSP session, causing the RTSP connection ...

CVE-2024-9928

A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports onl...

After installing Single-session OS VDA, Windows Hello for Business cannot be disabled via Intune.

After installing Single-session OS VDA 2209 or 2203 LTSR CU2 or later, Windows Hello for Business can no longer be disabled via Microsoft Intune...

PT-2024-39943 · Nsd570 · Nsd570

Name of the Vulnerable Software and Affected Versions: NSD570 affected versions not specified Description: A vulnerability exists in the login panel of NSD570 that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the...

Default values of properties when creating a single-session OS static delivery group

When creating a single-session OS static delivery group, please be aware of the default values for its properties: AutomaticPowerOnForAssigned: True AutomaticPowerOnForAssignedDuringPeak: False These properties affect the behavior of assigned machines in the delivery group. Please refer to the...

Webcam name formats in ICA session

Summarize the webcam name formats in ICA session of single session Windows OS...

SUSE CVE-2011-0082

The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwante...

Uncontrolled Resource Consumption in node-opcua

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...

Denial Of Service (DoS)

org.springframework.security:spring-security-oauth2-client is vulnerable to denial of service DoS attacks. An attacker is able to cause resource exhaustion via sending multiple requests initiating the authorization request for the authorization code grant using a single session or multiple...

bash: popd controlled free

A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session...

CVE-1999-1559

Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D control d character, which locks other users out of the switch because it only supports one session at a time...