164 matches found
BeyondTrust Privileged Remote Access 安全漏洞
BeyondTrust Privileged Remote Access BeyondTrust PRA is a privileged remote access software from BeyondTrust USA. A security vulnerability exists in BeyondTrust Privileged Remote Access versions prior to 25.1 that stems from a local authentication bypass that could lead to unauthorized session...
CVE-2021-47663
CVE-2021-47663 describes an improper JSON Web Tokens implementation that allows an unauthenticated remote attacker to guess a valid session ID and impersonate a user to gain full access. Documented impact includes high confidentiality, integrity, and availability degradation (C/H/I/A). The provid...
DEBIAN-CVE-2025-22041
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdsessionsderegister In multichannel mode, UAF issue can occur in sessionderegister when the second channel sets up a session through the connection of the first channel. session that is freed...
CVE-2025-0501
An issue in the native clients for Amazon WorkSpaces when running PCoIP protocol may allow an attacker to access remote sessions via man-in-the-middle...
CVE-2025-0500
An issue in the native clients for Amazon WorkSpaces when running Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle...
Amazon DCV Client <= 2023.1.8993 MITM
The version of Amazon DCV Client installed on the host is vulnerable to a man-in-the-middle vulnerability, allowing an attacker to access remote sessions. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...
CVE-2025-0501
CVE-2025-0501 affects the native Amazon WorkSpaces clients (PCoIP) and is described as allowing an attacker to access remote sessions via man‑in‑the‑middle, due to a trust management issue (as noted by multiple sources). The issue is associated with high impact across confidentiality, integrity, ...
CVE-2025-0500 Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients
An issue in the native clients for Amazon WorkSpaces when running Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle...
Amazon多款产品 信任管理问题漏洞
Amazon WorkSpaces and others are products of Amazon.com, Inc.Amazon WorkSpaces is a fully hosted, persistent desktop virtualization service that gives your users access to the data, applications, and resources they need, anytime, anywhere, from any supported device.Amazon AppStream is an...
PT-2025-3927 · Amazon · Amazon Workspaces
Name of the Vulnerable Software and Affected Versions: Amazon WorkSpaces affected versions not specified Description: An issue in the native clients for Amazon WorkSpaces when running PCoIP protocol may allow an attacker to access remote sessions via man-in-the-middle. Recommendations: At the...
CVE-2024-50339 GLPI vulnerable to unauthenticated session hijacking
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...
CVE-2024-52518 Nextcloud Server is missing password confirmation when changing external storage options
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded...
New-Ringer-Server 安全漏洞
New-Ringer-Server is the server code for a Ringer messaging application open-sourced by Lif Platforms. A security vulnerability exists in versions of New-Ringer-Server prior to 1.3.1 that stems from loading a message route without checking that the user loading the session is actually a member of...
OESA-2024-1937 plasma-workspace security update
Plasma 5 libraries and runtime components Security Fixes: KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to...
PT-2024-22696 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2.1.4 Description: The issue arises when a user's session is not invalidated after logout. Upon successful login, the Backend service returns an "Authorization" credential, which can still be used to initiate...
CVE-2024-35870
CVE-2024-35870: Linux kernel SMB client flaw (UAF in smb2_reconnect_server) traced to smb2_reconnect_server() accessing a session being torn down by __cifs_put_smb_ses(). Root cause is a race with ses_status being changed concurrently. The fix unconditionally sets ses_status to SES_EXITING and pr...
CVE-2024-29891 ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in th...
CVE-2022-34311
IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446...
IBM CICS TX Standard Security Vulnerability
IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from International Business Machines IBM, Inc. It can provide a cloud-native deployment model for standalone applications. A security vulnerability exists in IBM CICS TX Standard that stems from insufficient...
Xantech WIC1200 Cross-Site Scripting Vulnerability
The Xantech WIC1200 is a Web Intelligent Controller from Xantech. A cross-site scripting vulnerability exists in the Xantech WIC1200 version 1.1, which originates from the fact that an authenticated user can store a malicious JavaScript load in the device model parameter via...