Lucene search
K

164 matches found

CNNVD
CNNVD
added 2025/05/05 12:0 a.m.3 views

BeyondTrust Privileged Remote Access 安全漏洞

BeyondTrust Privileged Remote Access BeyondTrust PRA is a privileged remote access software from BeyondTrust USA. A security vulnerability exists in BeyondTrust Privileged Remote Access versions prior to 25.1 that stems from a local authentication bypass that could lead to unauthorized session...

7.8CVSS6.5AI score0.00173EPSS
Exploits1References2
CVE
CVE
added 2025/04/24 9:25 a.m.52 views

CVE-2021-47663

CVE-2021-47663 describes an improper JSON Web Tokens implementation that allows an unauthenticated remote attacker to guess a valid session ID and impersonate a user to gain full access. Documented impact includes high confidentiality, integrity, and availability degradation (C/H/I/A). The provid...

8.1CVSS7.4AI score0.00374EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 3:15 p.m.2 views

DEBIAN-CVE-2025-22041

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdsessionsderegister In multichannel mode, UAF issue can occur in sessionderegister when the second channel sets up a session through the connection of the first channel. session that is freed...

8.8CVSS5.7AI score0.00599EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 2:19 a.m.4 views

CVE-2025-0501

An issue in the native clients for Amazon WorkSpaces when running PCoIP protocol may allow an attacker to access remote sessions via man-in-the-middle...

7.7CVSS7AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 2:15 a.m.5 views

CVE-2025-0500

An issue in the native clients for Amazon WorkSpaces when running Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle...

7.7CVSS7AI score0.00494EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/06 12:0 a.m.5 views

Amazon DCV Client <= 2023.1.8993 MITM

The version of Amazon DCV Client installed on the host is vulnerable to a man-in-the-middle vulnerability, allowing an attacker to access remote sessions. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...

7.7CVSS5.5AI score0.00494EPSS
Exploits0References2
CVE
CVE
added 2025/01/15 6:21 p.m.58 views

CVE-2025-0501

CVE-2025-0501 affects the native Amazon WorkSpaces clients (PCoIP) and is described as allowing an attacker to access remote sessions via man‑in‑the‑middle, due to a trust management issue (as noted by multiple sources). The issue is associated with high impact across confidentiality, integrity, ...

7.7CVSS7.5AI score0.00445EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/01/15 6:20 p.m.6 views

CVE-2025-0500 Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients

An issue in the native clients for Amazon WorkSpaces when running Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle...

7.7CVSS7.5AI score0.00494EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.23 views

Amazon多款产品 信任管理问题漏洞

Amazon WorkSpaces and others are products of Amazon.com, Inc.Amazon WorkSpaces is a fully hosted, persistent desktop virtualization service that gives your users access to the data, applications, and resources they need, anytime, anywhere, from any supported device.Amazon AppStream is an...

7.7CVSS6.4AI score0.00494EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/15 12:0 a.m.5 views

PT-2025-3927 · Amazon · Amazon Workspaces

Name of the Vulnerable Software and Affected Versions: Amazon WorkSpaces affected versions not specified Description: An issue in the native clients for Amazon WorkSpaces when running PCoIP protocol may allow an attacker to access remote sessions via man-in-the-middle. Recommendations: At the...

7.7CVSS7AI score0.00445EPSS
Exploits0References8
OSV
OSV
added 2024/12/11 5:48 p.m.19 views

CVE-2024-50339 GLPI vulnerable to unauthenticated session hijacking

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...

9.3CVSS4.7AI score0.19621EPSS
Exploits0References4
OSV
OSV
added 2024/11/15 4:46 p.m.16 views

CVE-2024-52518 Nextcloud Server is missing password confirmation when changing external storage options

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded...

4.4CVSS6.3AI score0.00529EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.4 views

New-Ringer-Server 安全漏洞

New-Ringer-Server is the server code for a Ringer messaging application open-sourced by Lif Platforms. A security vulnerability exists in versions of New-Ringer-Server prior to 1.3.1 that stems from loading a message route without checking that the user loading the session is actually a member of...

7.1CVSS6.9AI score0.00342EPSS
Exploits0References3
OSV
OSV
added 2024/08/02 11:8 a.m.5 views

OESA-2024-1937 plasma-workspace security update

Plasma 5 libraries and runtime components Security Fixes: KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to...

7.8CVSS7.8AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/23 12:0 a.m.4 views

PT-2024-22696 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2.1.4 Description: The issue arises when a user's session is not invalidated after logout. Upon successful login, the Backend service returns an "Authorization" credential, which can still be used to initiate...

9.1CVSS9.1AI score0.00788EPSS
Exploits0References7
CVE
CVE
added 2024/05/19 8:34 a.m.156 views

CVE-2024-35870

CVE-2024-35870: Linux kernel SMB client flaw (UAF in smb2_reconnect_server) traced to smb2_reconnect_server() accessing a session being torn down by __cifs_put_smb_ses(). Root cause is a race with ses_status being changed concurrently. The fix unconditionally sets ses_status to SES_EXITING and pr...

4.4CVSS6.5AI score0.00228EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/03/27 7:18 p.m.10 views

CVE-2024-29891 ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass

ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in th...

8.7CVSS8.1AI score0.0076EPSS
Exploits0References10
OSV
OSV
added 2024/02/12 7:15 p.m.5 views

CVE-2022-34311

IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446...

4.3CVSS5.8AI score0.00359EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/12 12:0 a.m.5 views

IBM CICS TX Standard Security Vulnerability

IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from International Business Machines IBM, Inc. It can provide a cloud-native deployment model for standalone applications. A security vulnerability exists in IBM CICS TX Standard that stems from insufficient...

4.3CVSS6.2AI score0.00359EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.6 views

Xantech WIC1200 Cross-Site Scripting Vulnerability

The Xantech WIC1200 is a Web Intelligent Controller from Xantech. A cross-site scripting vulnerability exists in the Xantech WIC1200 version 1.1, which originates from the fact that an authenticated user can store a malicious JavaScript load in the device model parameter via...

5.5CVSS6AI score0.00293EPSS
Exploits0References2
Rows per page
Query Builder