CVE-2010-5067

Virtual War aka VWar 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie...

SUSE CVE-2025-37951

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the time...

DEBIAN-CVE-2025-37982

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251txwork The skb dequeued from txqueue is lost when wl1251pselpwakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to txqueue...

UBUNTU-CVE-2025-37982

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251txwork The skb dequeued from txqueue is lost when wl1251pselpwakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to txqueue...

CVE-2025-37982 wifi: wl1251: fix memory leak in wl1251_tx_work

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251txwork The skb dequeued from txqueue is lost when wl1251pselpwakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to txqueue...

CVE-2025-37951

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the time...

DEBIAN-CVE-2025-37951

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the time...

UBUNTU-CVE-2025-37951

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the time...

CVE-2025-37951 drm/v3d: Add job to pending list if the reset was skipped

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the time...

CVE-2025-37951

CVE-2025-37951 affects the Linux kernel DRM/V3D path. When a CL/CSD job times out, if the GPU progressed, the kernel may skip the reset, keeping the job running; however, timedout_job() removes the job from the pending list, so it may not be freed, causing a memory leak. A patch adds the job back...

NetScaler Gateway - App launch failure Error: "Session reconnection timeout"

Users attempts to launch an application externally via NetScaler Gateway and observed the below error Application launch fails consistently and the behavior is same with both web browser and the Citrix Workspace Application...

CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout

Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...

CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout

Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...

CVE-2025-46741

A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred...

kernel: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport

In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRTSOCKUPDTIMEOUT when reset transport Since transport-sock has been set to NULL during reset transport, XPRTSOCKUPDTIMEOUT also needs to be cleared. Otherwise, the xstcpsetsockettimeouts may be triggered in...

kernel: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by scosocktimeout When the sco connection is established and then, the sco socket is releasing, timeoutwork will be scheduled to judge whether the sco disconnection is timeout. The sock...

kernel: scsi: ufs: core: Fix handling of lrbp->cmd

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix handling of lrbp-cmd ufshcdqueuecommand may be called two times in a row for a SCSI command before it is completed. Hence make the following changes: - In the functions that submit a command, do not check the...

CVE-2025-46741 Improper Privilege Management

A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred...

The vulnerability of the Git-based software platform for collaborative code development on GitLab EE/CE lies in the incorrect expiration time of sessions, which allows attackers to gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

DEBIAN-CVE-2025-37886

In the Linux kernel, the following vulnerability has been resolved: pdscore: make waitcontext part of qinfo Make the waitcontext a full part of the qinfo struct rather than a stack variable that goes away after pdscadminqpost is done so that the context is still available after the wait loop has...