520 matches found
The vulnerability of the SAML (Security Assertion Markup Language) technology in the PAN-OS operating system allows a perpetrator to increase their privileges.
The vulnerability of the SAML Security Assertion Markup Language technology in the PAN-OS operating system is related to improper session management. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
GHSA-7C5V-895V-W4Q5 jooby-pac4j: deserialization of untrusted data
Impact Versions after 2.x and before 3.x of io.jooby:jooby-pac4j can cause deserialization of untrusted data Patches - 2.17.0 2.x - 3.7.0 3.x Workarounds - Not using io.jooby:jooby-pac4j until it gets patches. - Check what values you put/save on session References Version 2.x:...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the session handling logic in SessionStoreImplget. An attacker can execute code by sending a malicious payload beginning with "b64", which is deserialized unsafely. Details Serialization is a process...
CVE-2021-4454
CVE-2021-4454 - Linux kernel CAN/j1939 session deactivation race : The issue, resolved in Linux kernel CAN/j1939 transport, concerns j1939_session_deactivate() which can be invoked with a session ref-count below 2 in some concurrently-executed paths. The description notes that this is not a fatal...
CVE-2024-8314
An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL 4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials...
CVE-2024-8314 Improper session handling in B&R APROL
An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL 4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials...
CVE-2024-8314
CVE-2024-8314 affects B&R APROL
CVE-2024-8314 Improper session handling in B&R APROL
An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL 4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials...
PT-2025-16681
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue can occur in the Linux kernel's ksmbd component, specifically in the ksmbd sessions deregister function. This issue arises in multichannel mode when the second...
CVE-2024-57062
An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component...
CVE-2024-57062
An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component...
CVE-2024-57062
An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component...
CVE-2024-57062
An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component...
CVE-2024-57062
CVE-2024-57062 affects the SoundCloud iOS app, version 7.65.2. The issue is a privilege escalation via the app’s session handling component, enabling a local attacker to access sensitive information. The connected sources confirm the affected software/version and the local-exploitability vector, ...
Linux Distros Unpatched Vulnerability : CVE-2021-44513
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling. CVE-2021-44513 Not...
Linux Distros Unpatched Vulnerability : CVE-2016-6290
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows...
ZOHO ManageEngine ADSelfService Plus 授权问题漏洞
ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6510 and prior versions that stems from improper session...
CVE-2024-57056
Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session...
USN-7272-1 symfony vulnerabilities
Soner Sayakci discovered that Symfony incorrectly handled cookie storage in the web cache. An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. CVE-2022-24894 Marco Squarcina discovered that Symfony incorrectly handled the storage of user...
USN-7272-1: Symfony vulnerabilities
Soner Sayakci discovered that Symfony incorrectly handled cookie storage in the web cache. An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. CVE-2022-24894 Marco Squarcina discovered that Symfony incorrectly handled the storage of user...