Lucene search
K

2566 matches found

Huntr
Huntr
added 2023/03/15 3:37 p.m.28 views

Session Fixation Vulnerability

Description It was noticed that the easyappointments application is vulnerable to Session Fixation vulnerability. The application does not generate a new easession cookie after the user authenticate successfully into the application. A malicious user is able to create a new session cookie value a...

6.8CVSS8.5AI score0.00668EPSS
Exploits1
GithubExploit
GithubExploit
added 2023/03/09 7:32 a.m.386 views

Exploit for Improper Access Control in Joomla Joomla\!

CVE-2023-23752 Introduction Open-source, Go-based multi-conc...

5.3CVSS6.6AI score0.99827EPSS
Exploits43
Tenable Nessus
Tenable Nessus
added 2023/02/23 12:0 a.m.50 views

Siemens SCALANCE X-200RNA Switch Devices Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2018-15473)

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. - OpenSSH through 7.7 is prone to a...

5.9CVSS6.5AI score0.98631EPSS
Exploits23References21
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.3 views

SUSE CVE-2005-2534

Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service server crash via simultaneous TCP connections from multiple clients that use the same client certificate...

2.6CVSS6.8AI score0.00967EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.2 views

SUSE CVE-2005-3510

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service CPU consumption via a large number of simultaneous requests to list a web directory that has a large number of files...

5CVSS6.9AI score0.05954EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.1 views

SUSE CVE-2010-0172

toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorizati...

4.3CVSS9AI score0.01413EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.4 views

SUSE CVE-2011-1486

libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service crash by causing multiple threads to report errors at the same time...

3.3CVSS6.9AI score0.01199EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.5 views

SUSE CVE-2016-2774

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service INSIST assertion failure or request-processing outage by establishing many sessions...

5.9CVSS8.5AI score0.73622EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.3 views

SUSE CVE-2016-5242

The p2mteardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service NULL pointer dereference and host OS crash by creating concurrent domains and holding references to them, related to VMID exhaustion...

5.6CVSS6.2AI score0.00342EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.4 views

SUSE CVE-2016-8745

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn...

7.5CVSS9.4AI score0.16038EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:43 a.m.2 views

SUSE CVE-2017-10913

The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1...

8.1CVSS9.1AI score0.02815EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:41 a.m.4 views

SUSE CVE-2017-12836

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...

5CVSS8.7AI score0.05968EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.5 views

SUSE CVE-2018-10902

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc double free in sndrawmidiinputparams and sndrawmidioutputstatus which are part of sndrawmidiioctl handler in rawmidi.c file. A malicious local attacker could possibly use this f...

7CVSS7.6AI score0.00519EPSS
Exploits0References30
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.3 views

SUSE CVE-2018-19364

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to for example a use-after-free outcome...

5.3CVSS6.9AI score0.0053EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.2 views

SUSE CVE-2019-17185

In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BNCTX instance to handle all handshakes. This mean multiple threads use the same BNCTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a...

7.5CVSS9.2AI score0.02168EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.4 views

SUSE CVE-2020-13943

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

5.3CVSS6.8AI score0.57286EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-15586

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...

7.5CVSS7.3AI score0.02893EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.3 views

SUSE CVE-2020-35513

A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...

4.4CVSS6.1AI score0.01347EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.4 views

SUSE CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS6.7AI score0.02979EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.2 views

SUSE CVE-2022-22677

A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call...

4.3CVSS6.2AI score0.00633EPSS
Exploits0References7
Rows per page
Query Builder