Lucene search
51 matches found

OSV
added 2022/05/13 1:31 a.m., 15 views

GHSA-MCQX-WC2J-QX9V GitHub Authentication Plugin session fixation vulnerability

A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

CVSS 5.9, AI score 5.6, EPSS 0.00852
Exploits: 0, References: 4
NCSC
added 2021/11/02 12:00 a.m., 3 views

Vulnerabilities fixed in Python

Red Hat has fixed a vulnerability in Python. The vulnerability allows a remote malicious party to cause a denial-of-service exploit in the HTTP client of the victim. To do so, the malicious party must cause the victim to establish an authentication session with an HTTP server that is under contro...

CVSS 6.5, AI score 7, EPSS 0.04675
Exploits: 1
RedHat Linux
added 2021/09/14 12:34 p.m., 3 views

keycloak-model-infinispan: authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly could lead to a DoS attack

A flaw was found in keycloak-model-infinispan where the authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly. This issue leads to a denial of service...

CVSS 7.5, AI score 5.7, EPSS 0.01129
Exploits: 0, References: 4
Prion
added 2020/02/18 5:15 p.m., 21 views

Privilege escalation

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access...

CVSS 6.8, AI score 7, EPSS 0.02798
Exploits: 0, References: 3, Affected Software: 13
Cvelist
added 2019/08/07 2:20 p.m., 42 views

CVE-2019-10371

A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

AI score 7.5, EPSS 0.01306
Exploits: 0, References: 2
OSV
added 2019/08/06 7:15 p.m., 5 views

UBUNTU-CVE-2019-2386

After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9;...

CVSS 7.1, AI score 5.8, EPSS 0.01225
Exploits: 1, References: 5
0day.today
added 2019/04/16 12:00 a.m., 79 views

Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Exploit

Exploit for Windows platform in category local exploits. Windows: LUAFV Delayed Virtualization Cross Process Handle Duplication EoP. Platform: Windows 10 1809 (not tested earlier). Class: Elevation of Privilege. Security Boundary (per Windows Security Service Criteria): User boundary. Summary: The LUAFV...

CVSS 4.6, AI score 7, EPSS 0.04352
Exploits: 2
OSV
added 2018/06/26 5:29 p.m., 15 views

CVE-2018-1000602

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

CVSS 5.9, AI score 5.7
Exploits: 0, References: 1
BDU FSTEC
added 2016/04/19 12:00 a.m., 6 views

The vulnerability of the software for managing devices in the OnCell Central Manager allows a hacker to gain administrator privileges.

The vulnerability in the login function of the RequestController class of the device management software in OnCell Central Manager is caused by hard-coded credentials. Exploiting this vulnerability could allow a remote malicious actor to gain...

CVSS 7.5, AI score 7.5, EPSS 0.01695
Exploits: 0, References: 3, Affected Software: 1
OPENSUSE Linux
added 2015/10/14 10:10 a.m., 27 views

Security update for polkit (important)

Polkit was updated to 0.113 to fix four security issues. The following vulnerabilities were fixed: CVE-2015-4625: a local privilege escalation due to predictable authentication session cookie values. boo935119 CVE-2015-3256: various memory corruption vulnerabilities in use of the JavaScript...

CVSS 4.6, AI score 1.6, EPSS 0.00415
Exploits: 0, References: 4
n0where
added 2015/09/15 3:06 a.m., 58 views

Offline WPS Bruteforce Utility: PixieWPS

Pixiewps is a tool written in C used to brute-force the WPS PIN offline, exploiting the low or non-existent entropy of some APs (pixie dust attack). Additional video: http://video.adm.ntnu.no/pres/549931214e18d Pixiewps requires libssl. To install it: sudo apt-get install libssl-dev Installation:...

AI score 0.2
Exploits: 0, References: 2