Lucene search
K

76 matches found

NVD
NVD
added 2020/04/15 4:15 p.m.11 views

CVE-2020-11728

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...

7.5CVSS7.8AI score0.01588EPSS
Exploits0References5
NVD
NVD
added 2020/04/15 4:15 p.m.18 views

CVE-2020-11729

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...

9.8CVSS9.4AI score0.01879EPSS
Exploits1References4
OSV
OSV
added 2020/04/15 4:15 p.m.17 views

CVE-2020-11729

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...

9.8CVSS6.5AI score
Exploits0References4
OSV
OSV
added 2020/04/15 4:15 p.m.1 views

DEBIAN-CVE-2020-11729

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...

9.8CVSS8.5AI score0.01879EPSS
Exploits1References1
OSV
OSV
added 2020/04/15 4:15 p.m.14 views

CVE-2020-11728

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...

7.5CVSS9.4AI score
Exploits0References5
UbuntuCve
UbuntuCve
added 2020/04/15 4:15 p.m.21 views

CVE-2020-11729

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...

9.8CVSS7.2AI score0.01879EPSS
Exploits1References3
Prion
Prion
added 2020/04/15 4:15 p.m.17 views

Design/Logic Flaw

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...

7.5CVSS9.2AI score0.01879EPSS
Exploits1References4Affected Software2
UbuntuCve
UbuntuCve
added 2020/04/15 4:15 p.m.18 views

CVE-2020-11728

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...

7.5CVSS7.2AI score0.01588EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/04/15 3:37 p.m.23 views

CVE-2020-11728

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...

8.4AI score0.01588EPSS
Exploits0References5
CVE
CVE
added 2020/04/15 3:37 p.m.69 views

CVE-2020-11728

CVE-2020-11728 affects DAViCal Andrew's Web Libraries (AWL) up to version 0.60. The flaw is weak session management: session keys are not hard-to-guess, enabling impersonation via guessed microsecond time and incrementing session_id. Debian/DSA-4660-1 and USN-4539-1 describe fixed versions (e.g.,...

7.5CVSS7.3AI score0.01588EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2020/04/15 3:37 p.m.19 views

CVE-2020-11728

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...

7.5CVSS7.8AI score0.01588EPSS
Exploits0
Cvelist
Cvelist
added 2020/04/15 3:37 p.m.23 views

CVE-2020-11729

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...

9.3AI score0.01879EPSS
Exploits1References4
CVE
CVE
added 2020/04/15 3:37 p.m.78 views

CVE-2020-11729

CVE-2020-11729 affects DAViCal Andrew's Web Libraries (AWL) up to version 0.60. Long-term session cookies are not generated securely, enabling a brute-force-style session hijack. Debian/DLA-2178-1 fixes these issues by updating awl to 0.60-1+deb10u1 (and earlier 0.57-1+deb9u1). If deploying AWL, ...

9.8CVSS9.1AI score0.01879EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2020/04/15 3:37 p.m.16 views

CVE-2020-11729

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful...

9.8CVSS8.5AI score0.01879EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/12/16 12:0 a.m.40 views

Debian DLA-2034-1 : davical security update

Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For Debian 8 'Jessie', these problems have been fixed in version 1.1.3.1-1+deb8u1. We recommend that you upgrade your davical packages. NOTE: Tenable Network Security has extracted th...

9.3CVSS6.8AI score0.02242EPSS
Exploits6References5
Tenable Nessus
Tenable Nessus
added 2019/12/16 12:0 a.m.34 views

Debian DSA-4582-1 : davical - security update

Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4582. The text itself is copyright C Software ...

9.3CVSS6.8AI score0.02242EPSS
Exploits6References8
OpenVAS
OpenVAS
added 2019/12/15 12:0 a.m.34 views

Debian: Security Advisory (DSA-4582-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7AI score0.02242EPSS
Exploits6References4
OpenVAS
OpenVAS
added 2019/12/15 12:0 a.m.29 views

Debian: Security Advisory (DLA-2034-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7AI score0.02242EPSS
Exploits6References3
Debian
Debian
added 2019/12/14 5:43 a.m.124 views

[SECURITY] [DLA 2034-1] davical security update

Package : davical Version : 1.1.3.1-1+deb8u1 CVE ID : CVE-2019-18345 CVE-2019-18346 CVE-2019-18347 Debian Bug : 946343 Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For Debian 8 "Jessie", these problems have been fixed in version...

9.3CVSS6.7AI score0.02242EPSS
Exploits6
OSV
OSV
added 2019/12/14 12:0 a.m.15 views

DLA-2034-1 davical - security update

Bulletin has no description...

9.3CVSS7AI score0.02242EPSS
Exploits6
Rows per page
Query Builder