Lucene search
K

192 matches found

Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.8 views

PT-2024-8964 · Brocade · Brocade Fabric Os

Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions prior to 9.2.2 Description: The issue is related to weaknesses in the authentication procedure of Brocade Fabric OS, allowing a remote attacker to hijack a service session. This could be achieved through...

7.1CVSS9.5AI score0.00243EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2024/06/18 12:0 a.m.7 views

The vulnerability of the SAML implementation for VPN remote access services in microprogramming network devices such as Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) allows a perpetrator to establish a VPN session on a vulnerable device.

The vulnerability of the SAML implementation for VPN remote access services in microprogramming network devices such as Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD is related to the absence of authentication procedures. Exploiting this vulnerability allows a...

5CVSS5.5AI score0.00333EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/05/14 3:42 p.m.2 views

CVE-2024-3794

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

4.8CVSS5.8AI score0.0038EPSS
Exploits0References1
OSV
OSV
added 2024/05/14 3:42 p.m.1 views

CVE-2024-3792

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session dat...

4.8CVSS5.9AI score
Exploits0References1
CNVD
CNVD
added 2024/03/18 12:0 a.m.63 views

Delinea PAM Secret Server Security Bypass Vulnerability

Delinea PAM Secret Server is a key service manager from Delinea. A security bypass vulnerability exists in Delinea PAM Secret Server version 11.4, which can be exploited by an attacker to gain unauthorized access to a created remote session...

8.4CVSS7.2AI score0.0059EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/14 12:0 a.m.6 views

Delinea PAM Secret Server 安全漏洞

Delinea PAM Secret Server is a key service manager from Delinea. A security bypass vulnerability exists in Delinea PAM Secret Server version 11.4, which can be exploited by an attacker to gain unauthorized access to a created remote session...

8.4CVSS6.9AI score0.0059EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.7 views

PT-2024-1361 · Totolink · Totolink N200Re

Name of the Vulnerable Software and Affected Versions: Totolink N200RE V5 version 9.3.5u.6255 B20211224 Description: The issue is related to the /cgi-bin/cstecgi.cgi file in the Totolink N200RE router's firmware, specifically concerning incorrect session expiration. This can allow a remote attack...

4.3CVSS4.6AI score0.00657EPSS
Exploits1References11
OSV
OSV
added 2024/01/09 11:15 p.m.4 views

CVE-2024-0350

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The...

6.5CVSS4.4AI score0.00478EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/12/13 12:0 a.m.6 views

PT-2023-32763 · Thecosy · Icecms

Name of the Vulnerable Software and Affected Versions: Thecosy IceCMS versions up to 2.0.1 Description: A critical vulnerability was found in Thecosy IceCMS, allowing remote attackers to manage user sessions. The manipulation affects unknown code and can be initiated remotely. The exploit has bee...

6.5CVSS7.3AI score0.00641EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/11/15 1:57 a.m.2 views

SUSE CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

6.8CVSS9.2AI score0.00867EPSS
Exploits0References3
OSV
OSV
added 2023/11/14 3:15 a.m.3 views

UBUNTU-CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

6.8CVSS6.7AI score0.00867EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.27 views

AsyncSSH Security Vulnerability

AsyncSSH is a Python package that provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. A security vulnerability exists in AsyncSSH v2.14.0 and earlier versions, which stems from a vulnerability that allows an attacker to take...

6.8CVSS6.9AI score0.00867EPSS
Exploits0References6
OSV
OSV
added 2023/11/09 6:35 p.m.4 views

GHSA-C35Q-FFPF-5QPM AsyncSSH Rogue Session Attack

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...

8.1CVSS5.8AI score0.00867EPSS
Exploits0References12
BDU FSTEC
BDU FSTEC
added 2023/09/25 12:0 a.m.5 views

The vulnerability of the libspdm library, related to the absence of an authentication procedure that allows attackers to intercept user sessions

The vulnerability of the libspdm library is related to the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to intercept a user’s session remotely...

9CVSS7.5AI score0.00943EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/08/09 12:0 a.m.18 views

HPE MSA Storage Session Reuse (HPESBST03940)

The version of HPE MSA Storage installed on the remote host is prior to GL225P002-02, VE270P002-02, or VL270P002-02. It is, therefore, affected by a vulnerability as referenced in the HPESBST03940 advisory. - A remote session reuse vulnerability leading to access restriction bypass was discovered...

10CVSS7.2AI score0.02067EPSS
Exploits0References3
Citrix
Citrix
added 2023/07/05 12:0 a.m.11 views

Monitor Stays Black After Terminating a Remote session on Remote PC.

Black screen on Remote PC after disconnecting. Session appears to be hung or unresponsive...

7.2AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.4 views

SUSE CVE-2009-2964

Multiple cross-site request forgery CSRF vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to 1 functions/mailboxdisplay.php, 2...

6.8CVSS7.3AI score0.01517EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:30 a.m.2 views

SUSE CVE-2014-2060

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...

5CVSS6.6AI score0.01548EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:30 a.m.4 views

SUSE CVE-2014-2066

Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies...

6.8CVSS6.6AI score0.02061EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.3 views

SUSE CVE-2015-5338

Multiple cross-site request forgery CSRF vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to 1 mod/lesson/mediafile.php or 2...

8.8CVSS7.4AI score0.00786EPSS
Exploits0References3
Rows per page
Query Builder