Lucene search
K

72 matches found

CNNVD
CNNVD
added 2024/05/29 12:0 a.m.4 views

PrivateGPT 安全漏洞

PrivateGPT is an AI project. PrivateGPT has a security vulnerability that stems from a lack of secure session management implementation and a weak CORS policy, resulting in a cross-site request forgery CSRF vulnerability. An attacker could use this vulnerability to trigger a data poisoning attack...

8.3CVSS6.8AI score0.00158EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/04/30 12:0 a.m.5 views

The vulnerability of the Hitachi Ops Center Analyzer software for data analysis and analysis lies in the absence of a “Secure” flag in the HTTPS session cookies. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Hitachi Ops Center Analyzer software-related data analysis and processing programs lies in the absence of the “Secure” flag in the HTTPS session cookies. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected...

7.8CVSS5.5AI score0.00313EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/04/12 12:9 p.m.17 views

Session Fixation

@festify/secure-session is vulnerable to a Session Fixation. This vulnerability is due to the session removal process where even after marking the session for deletion, an attacker could continue using it...

7.4CVSS7AI score0.00616EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/04/10 10:15 p.m.37 views

CVE-2024-31999

@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...

7.4CVSS7.4AI score0.00616EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/10 9:59 p.m.41 views

CVE-2024-31999 @fastify/secure-session: Reuse of destroyed secure session cookie

@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...

7.4CVSS7.6AI score0.00616EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/10 9:59 p.m.23 views

CVE-2024-31999 @fastify/secure-session: Reuse of destroyed secure session cookie

@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...

7.4CVSS7.2AI score0.00616EPSS
Exploits0References2
CVE
CVE
added 2024/04/10 9:59 p.m.57 views

CVE-2024-31999

The CVE-2024-31999 issue affects @festify/secure-session used with Fastify. The vulnerability arises in the session removal process: after a session is marked for deletion, an attacker who can access the cookie could continue to reuse it, effectively retaining access across requests. Public detai...

7.4CVSS7.4AI score0.00616EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/04/10 5:15 p.m.6 views

@artgenio/core (>=0.6.3 <=0.7.1), @assert-server/core (>=1.0.0 <=1.0.2) +21 more potentially affected by CVE-2024-31999 via @fastify/secure-session (>=4.1.1 <=7.1.0)

@fastify/secure-session NPM version =4.1.1, =0.6.3, =1.0.0, =1.1.2, =1.0.0, =1.0.1, =0.1.1, =0.1.0, =0.7.0, =1.0.8, =0.5.1, =0.1.4, =0.0.1, =0.0.1, =1.0.0-1, =1.0.0-3 and more Source cves: CVE-2024-31999 Source advisory: OSV:GHSA-9WWP-Q7WQ-JX35...

7.4CVSS7.1AI score0.00616EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.8 views

PT-2024-24349 · Npm · @Festify/Secure-Session

Name of the Vulnerable Software and Affected Versions: @festify/secure-session versions prior to 7.3.0 Description: The issue exists in the session removal process of @festify/secure-session. When a session is deleted, it is marked for deletion, but if an attacker gains access to the cookie, they...

7.4CVSS6.8AI score0.00616EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.4 views

Fastify 安全漏洞

Fastify is an OpenJS Foundation open source web framework for Node.js. A security vulnerability exists in Fastify secure-session versions prior to 7.3.0, which stems from a vulnerability that allows an attacker to reuse a corrupted secure-session cookie...

7.4CVSS7.2AI score0.00616EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/02/02 3:45 a.m.4 views

SUSE CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

3.8CVSS8.4AI score0.01102EPSS
Exploits1References3
OSV
OSV
added 2024/01/27 1:15 a.m.3 views

CVE-2023-6482

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a...

5.2CVSS5.8AI score0.00132EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/12/01 12:0 a.m.34 views

Apache Superset < 2.1.0 Secure Session Key

The version of Apache Superset installed on the remote host is affected a potential unsecure session key vulnerability. Installations that have not altered the default configured SECRETKEY according to the installation instructions, or that use a predictable key phrase, would allow for an...

9.8CVSS8.5AI score0.97405EPSS
Exploits20References4
CNNVD
CNNVD
added 2023/10/31 12:0 a.m.5 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system. An information disclosure vulnerability exists in phpMyFAQ versions prior to 3.2.2, which stems from the presence of sensitive cookies in an HTTPS session, and can be exploited by an attacker to obtain sensitive information...

6.3CVSS6AI score0.00287EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2023/04/21 10:32 p.m.50 views

CSRF token fixation in fastify-passport

The CSRF protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport, can be bypassed by network and same-site attackers. Details fastify/csrf-protection implements the synchronizer token pattern using plugins @fastify/session and @fastify/secure-session by...

6.5CVSS6.2AI score0.00384EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2022/12/23 12:0 a.m.4 views

memos 安全漏洞

memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in versions of memos prior to 0.9.0, which stems from a sensitive cookie without security attributes in an HTTPS session...

6.5CVSS5.3AI score0.00376EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/05/17 12:1 a.m.29 views

Cross-site Scripting in bootstrap-table

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

6.8CVSS0.5AI score0.00717EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/05/17 12:1 a.m.23 views

GHSA-GRW5-G9H2-WPG8 Cross-site Scripting in bootstrap-table

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

6.8CVSS5.2AI score0.00717EPSS
Exploits1References4
Prion
Prion
added 2022/05/16 3:15 p.m.15 views

Design/Logic Flaw

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

3.5CVSS5.2AI score0.00717EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2022/05/16 3:15 p.m.40 views

CVE-2022-1726

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

6.8CVSS6.6AI score0.00717EPSS
Exploits1References3
Rows per page
Query Builder