Lucene search
K

431 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/16 12:0 a.m.12 views

Fedora 42 : perl-Plack-Middleware-Session (2025-ca07c36a0a)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ca07c36a0a advisory. This update upgrade the package to version 0.36. This version fixes CVE-2025-40923 by using Crypt::SysRandom to generate secure session IDs. Tenable has...

7.3CVSS5.5AI score0.00329EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/16 12:0 a.m.3 views

Fedora 42 : perl-Catalyst-Plugin-Session (2025-90d5989bee)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-90d5989bee advisory. This update upgrade the package to version 0.44. This version fixes CVE-2025-40924 by using Crypt::SysRandom to generate properly random session IDs. Tenable...

6.5CVSS5.5AI score0.00252EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-10945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Centreon before 19.10.7 exposes Session IDs in server responses. CVE-2020-10945 Note that Nessus relies on the presence of the package as reported by the vendor...

4.3CVSS5.1AI score0.00597EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.4 views

CVE-2025-30041

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs...

9CVSS7AI score0.00165EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2014-2875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrar...

6.1CVSS6.4AI score0.01631EPSS
Exploits0References2
OSV
OSV
added 2025/07/17 2:15 p.m.6 views

CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

6.5CVSS7AI score
Exploits0References3
OSV
OSV
added 2025/07/17 2:15 p.m.1 views

DEBIAN-CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

6.5CVSS5.3AI score0.00252EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/17 1:33 p.m.2 views

CVE-2025-40924 Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

7AI score0.00252EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/17 1:33 p.m.12 views

CVE-2025-40924 Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

0.00252EPSS
Exploits0References3
NVD
NVD
added 2025/07/16 1:15 p.m.6 views

CVE-2025-40923

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

7.3CVSS0.00329EPSS
Exploits0References5
OSV
OSV
added 2025/07/16 1:15 p.m.3 views

DEBIAN-CVE-2025-40923

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

7.3CVSS5.3AI score0.00329EPSS
Exploits0References1
OSV
OSV
added 2025/07/16 1:15 p.m.6 views

CVE-2025-40923

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

7.3CVSS7.3AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/16 1:5 p.m.6 views

CVE-2025-40923 Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

7.3AI score0.00329EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/16 1:5 p.m.9 views

CVE-2025-40923 Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

0.00329EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:44 a.m.15 views

CVE-2024-47945

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...

9.8CVSS6.9AI score0.00856EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 12:21 a.m.5 views

CVE-2022-46353

A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The webserver of affected device...

9.8CVSS7AI score0.01001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:27 p.m.10 views

CVE-2021-26098

An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs...

7.5CVSS6.6AI score0.00814EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:13 p.m.9 views

CVE-2012-6571

The HTTP module in the 1 Branch Intelligent Management System BIMS and 2 web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a...

7.5CVSS6.9AI score0.00944EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:23 a.m.7 views

CVE-2019-9583

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11, 3.43.16, 3.45.5,...

8.2CVSS6.8AI score0.01877EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:0 a.m.10 views

CVE-2019-10121

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin...

9.8CVSS7.2AI score0.04628EPSS
Exploits0References1
Rows per page
Query Builder