76 matches found
CVE-2020-11728
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...
CVE-2020-11729
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...
CVE-2020-11729
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...
DEBIAN-CVE-2020-11729
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...
CVE-2020-11728
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...
CVE-2020-11729
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...
Design/Logic Flaw
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...
CVE-2020-11728
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...
CVE-2020-11728
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...
CVE-2020-11728
CVE-2020-11728 affects DAViCal Andrew's Web Libraries (AWL) up to version 0.60. The flaw is weak session management: session keys are not hard-to-guess, enabling impersonation via guessed microsecond time and incrementing session_id. Debian/DSA-4660-1 and USN-4539-1 describe fixed versions (e.g.,...
CVE-2020-11728
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...
CVE-2020-11729
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...
CVE-2020-11729
CVE-2020-11729 affects DAViCal Andrew's Web Libraries (AWL) up to version 0.60. Long-term session cookies are not generated securely, enabling a brute-force-style session hijack. Debian/DLA-2178-1 fixes these issues by updating awl to 0.60-1+deb10u1 (and earlier 0.57-1+deb9u1). If deploying AWL, ...
CVE-2020-11729
An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...
Debian DLA-2034-1 : davical security update
Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For Debian 8 'Jessie', these problems have been fixed in version 1.1.3.1-1+deb8u1. We recommend that you upgrade your davical packages. NOTE: Tenable Network Security has extracted th...
Debian DSA-4582-1 : davical - security update
Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4582. The text itself is copyright C Software ...
Debian: Security Advisory (DSA-4582-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-2034-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2034-1] davical security update
Package : davical Version : 1.1.3.1-1+deb8u1 CVE ID : CVE-2019-18345 CVE-2019-18346 CVE-2019-18347 Debian Bug : 946343 Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For Debian 8 "Jessie", these problems have been fixed in version...
DLA-2034-1 davical - security update
Bulletin has no description...