Security Vulnerabilities
Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-13
Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process id. The same method is used in the _generateID method in Solstice::Subsession, which is part of the same distribution. The epoch time may be guessed, if it is not leaked in the HTTP Date header. Stringified hash references will contain predictable content. The built-in rand() function is seeded by 16 bits and is unsuitable for security purposes. The process id comes from a small set of numbers. Predictable session ids could allow an attacker to gain access to systems.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-04-13
Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVSS Score
10.0
EPSS Score
0.0
Published
2026-04-13
Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-04-13
Improper access control in Samsung Camera prior to version 16.5.00.28 allows a local attacker to access location data. User interaction is required for triggering this vulnerability.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-13
Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access hidden notification contents.
CVSS Score
4.7
EPSS Score
0.0
Published
2026-04-13
Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard.
CVSS Score
4.4
EPSS Score
0.0
Published
2026-04-13
Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows an adjacent attacker to access sensitive information.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-13
Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows a physical attacker to bypass App Pinning.
CVSS Score
4.1
EPSS Score
0.0
Published
2026-04-13
Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.
CVSS Score
6.6
EPSS Score
0.0
Published
2026-04-13

