Lucene search
K

170 matches found

Cvelist
Cvelist
added 2022/11/22 12:0 a.m.25 views

CVE-2022-36179

Fusiondirectory 1.3 suffers from Improper Session Handling...

9.7AI score0.01117EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2022/11/22 12:0 a.m.24 views

CVE-2022-36179

Fusiondirectory 1.3 suffers from Improper Session Handling...

9.8CVSS9AI score0.01117EPSS
Exploits1
Veracode
Veracode
added 2022/11/16 3:15 a.m.17 views

Improper Session Management

rdiffweb is vulnerable to Improper Session Management. The vulnerability exists because the library does not invalidate all the session tokens for a user on a password change, resulting in users logged in with the old password to continue being logged in...

9.8CVSS8.9AI score0.00876EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/11/15 12:0 a.m.81 views

CVE-2022-40843

Affected product: Tenda AC1200 V-W15Ev2 (W15Ev2, firmware version V15.11.0.10(1576)). Vulnerability: Improper authorization/improper session management allows bypassing the router login page. This can lead to reading the router’s syslog.log file which contains the MD5 password of the Administrato...

4.9CVSS5AI score0.28802EPSS
In wildExploits1References1Affected Software1
Prion
Prion
added 2022/09/23 7:15 p.m.18 views

Session fixation

This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 inclusive, due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this...

7.5CVSS9.2AI score0.00883EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2022/09/23 6:13 p.m.8 views

CVE-2022-40630 Improper Session Management Vulnerability in Tacitine Firewall

This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 inclusive, due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this...

6.5CVSS9.4AI score0.00883EPSS
Exploits0References2
Veracode
Veracode
added 2022/09/16 9:14 p.m.25 views

Denial Of Service (DoS)

wolfSSL is vulnerable to denial of service. The vulnerability exists when client connects to a wolfSSL server and SSLclear due to improper session handling which allows an attacker to cause an application crash...

7.5CVSS7AI score0.02121EPSS
Exploits2References8Affected Software1
CNNVD
CNNVD
added 2022/07/15 12:0 a.m.4 views

Inductive Automation Ignition 安全漏洞

Inductive Automation Ignition is a suite of integrated software platforms for SCADA systems from Inductive Automation, USA. The platform supports SCADA data acquisition and monitoring systems, HMI human machine interface and more. A security vulnerability exists in Inductive Automation Ignition...

9.8CVSS8.3AI score0.01634EPSS
Exploits2References3
BDU FSTEC
BDU FSTEC
added 2022/04/05 12:0 a.m.10 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to improper session management, allows a perpetrator to compromise data integrity.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to improper session management. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...

6.8CVSS6.1AI score0.00844EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/01/10 2:12 p.m.3 views

CVE-2022-22283

Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App...

3.3CVSS5.8AI score0.00204EPSS
Exploits0References1
CVE
CVE
added 2022/01/07 10:39 p.m.153 views

CVE-2022-22283

Samsung Health suffers from an improper session management vulnerability that prevents logging out. Multiple connected sources indicate affected versions are prior to 6.20.1.005. The issue stems from session handling that could allow access to sensitive data after account status changes or device...

3.3CVSS4.2AI score0.00204EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/10/10 10:15 a.m.23 views

CVE-2021-25966

In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even aft...

8.8CVSS0.01024EPSS
Exploits1References2
Prion
Prion
added 2021/10/10 10:15 a.m.12 views

Session fixation

In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even aft...

6.5CVSS8.7AI score0.01024EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/10/10 9:45 a.m.46 views

CVE-2021-25966

CVE-2021-25966 affects Orchard Core CMS: versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change, allowing a user who was already logged in to retain access even after the password is changed. The connected sources provide explicit details on aff...

8.8CVSS8.8AI score0.01024EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2021/10/10 9:45 a.m.5 views

CVE-2021-25966 Orchard Core CMS - Improper Session Termination after Password Change

In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even aft...

8.8CVSS7.2AI score0.01024EPSS
Exploits1References2
Rapid7 Blog
Rapid7 Blog
added 2021/09/02 1:39 p.m.23 views

SANS Experts: 4 Emerging Enterprise Attack Techniques

In a recent report, a panel of SANS Institute experts broke down key takeaways and emerging attack techniques from this year’s RSA Security Conference. The long and short of it? This next wave of malicious methodologies isn’t on the horizon — it’s here. When it comes to supply-chain and ransomwar...

0.3AI score
Exploits0
Cvelist
Cvelist
added 2021/04/12 8:53 p.m.16 views

CVE-2021-22497 Advanced Authentication Improper Session Management

Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue...

3.8CVSS7.3AI score0.00761EPSS
Exploits0References1
CVE
CVE
added 2021/04/12 8:53 p.m.56 views

CVE-2021-22497

CVE-2021-22497 affects Advanced Authentication versions prior to 6.3 SP4 . The underlying issue is an improper session management that can lead to a potential broken authentication . According to the provided metrics, the CVSS v3.1 base score is 7.2 (HIGH) with a network attack vector and low att...

7.2CVSS5.6AI score0.00761EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/26 7:50 p.m.14 views

CVE-2021-21308 Improper session management for soft logout

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2...

6.1CVSS9.2AI score0.01049EPSS
Exploits0References3
NVD
NVD
added 2020/12/16 4:15 p.m.18 views

CVE-2019-14480

AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges...

9.8CVSS9.9AI score0.01116EPSS
Exploits1References2
Rows per page
Query Builder