89 matches found
CVE-2024-10141
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...
CVE-2024-10141
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...
CVE-2024-10141 jsbroks COCO Annotator Session predictable state
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...
CVE-2024-10141 jsbroks COCO Annotator Session predictable state
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...
PT-2024-16060 · Unknown · Jsbroks Coco Annotator
Name of the Vulnerable Software and Affected Versions: jsbroks COCO Annotator version 0.11.1 Description: A problematic vulnerability was found in the Session Handler component of jsbroks COCO Annotator. The manipulation of the SECRET KEY argument leads to a predictable state from an observable...
COCO Annotator 安全漏洞
COCO Annotator is a web-based image annotation tool from the individual developer Justin Brooks. Designed for versatility and efficiency in labeling images. A security vulnerability exists in COCO Annotator version 0.11.1, which stems from the parameter SECRETKEY of the component Session Handler...
CVE-2024-20513
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to...
Sensitive Information Disclosure
Kimai is Sensitive Information Disclosure. The vulnerability is caused by manipulating of the PHPSESSIONID argument in the Session Handler component, which results in the sensitive information...
Kimai information disclosure vulnerability
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...
CVE-2024-4596 Kimai Session information disclosure
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...
CVE-2024-4596 Kimai Session information disclosure
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity ...
Session fixation
Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...
CVE-2024-27917
Summary: CVE-2024-27917 affects Shopware (Symfony-based) where 404-page caching can persist a user’s session cookie in the cached response. This occurs when the Symfony Session Handler assigns the session cookie to the response and no explicit session configuration is set, with the issue present ...
CVE-2024-27917 Shopware's session is persistent in Cache for 404 pages
Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...
Shopware's session is persistent in Cache for 404 pages
Impact The Symfony Session Handler, pop's the Session Cookie and assign it to the Response. Since Shopware 6.5.8.0 the 404 pages, are cached, to improve the performance of 404 pages. So the cached Response, contains a Session Cookie when the Browser accessing the 404 page, has no cookies yet. The...
GHSA-C2F9-4JMM-V45M Shopware's session is persistent in Cache for 404 pages
Impact The Symfony Session Handler, pop's the Session Cookie and assign it to the Response. Since Shopware 6.5.8.0 the 404 pages, are cached, to improve the performance of 404 pages. So the cached Response, contains a Session Cookie when the Browser accessing the 404 page, has no cookies yet. The...
The vulnerability of the BGP Session Handler component in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows a attacker to cause a service failure.
The vulnerability of the BGP Session Handler component in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to insufficient handling of exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
CVE-2023-20042
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an...
Design/Logic Flaw
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an...
CVE-2023-20042
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an...