Lucene search
K

250 matches found

NVD
NVD
added 2024/06/04 2:15 a.m.27 views

CVE-2024-29976

UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the command “showallsessions” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated attacker to obtain a logged-in administrator’s session...

6.5CVSS6.7AI score0.08954EPSS
Exploits1References2
Citrix
Citrix
added 2024/05/15 12:0 a.m.27 views

“Cannot Retrieve Data” on Citrix Director Dashboard error. Unable to see session information .

“Cannot Retrieve Data” on Citrix Director Dashboard error. Unable to see session information of User Connection Failures, Failed Single-session OS Machines, Failed Multi-session OS Machines data is missing. The following exception can be seen in CDF traces. Error:...

6.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/05/10 12:28 p.m.26 views

CVE-2024-22064 Configuration error Vulnerability in ZTE ZXUN-ePDG

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connectionIKE with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the...

8.3CVSS7AI score0.00457EPSS
Exploits0References1
CVE
CVE
added 2024/05/06 6:36 a.m.59 views

CVE-2024-23193

Open-Xchange App Suite (Ox App Suite) is affected. The issue stems from PDFs exported from E‑mails being cached without proper per‑session authorization, allowing users on the same service node to access others’ PDFs briefly until caches are cleared. Root cause: PDF export cache not considering u...

5.3CVSS6.4AI score0.00545EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/06 12:0 a.m.6 views

PT-2024-19710 · Open Xchange Gmbh +1 · Ox App Suite

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue arises from E-Mails being exported as PDF and stored in a cache that does not consider specific session information for the related user account. This allows users of the same...

5.3CVSS6AI score0.00545EPSS
Exploits0References9
Veracode
Veracode
added 2024/03/29 11:27 a.m.29 views

Insecure Direct Object Reference (IDOR)

pimcore/pimcore is vulnerable to Insecure Direct Object Reference IDOR. This vulnerability is due to insufficient access controls and improper handling of session information within the Pimcore platform. Specifically, the flaw arises from the platform's failure to properly restrict access to...

6.5CVSS6.5AI score0.00713EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2024/02/27 9:41 p.m.21 views

GHSA-8H22-8CF7-HQ6G Rails has possible Sensitive Session Information Leak in Active Storage

Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References9
OSV
OSV
added 2024/02/27 3:44 p.m.28 views

CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS5AI score0.01119EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/02/27 3:44 p.m.37 views

CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2024/02/27 3:44 p.m.23 views

CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS5.1AI score0.01119EPSS
Exploits0
NVD
NVD
added 2024/02/12 7:15 p.m.22 views

CVE-2024-22230

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control...

6.4CVSS6.2AI score0.00295EPSS
Exploits0References1
Prion
Prion
added 2024/02/12 7:15 p.m.23 views

Cross site scripting

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control...

4.9CVSS6.5AI score0.00295EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/12 6:45 p.m.16 views

CVE-2024-22230

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control...

6.4CVSS6.3AI score0.00295EPSS
Exploits0References1
Kitploit
Kitploit
added 2024/01/18 11:30 a.m.41 views

FalconHound - A Blue Team Multi-Tool. It Allows You To Utilize And Enhance The Power Of Blo odHound In A More Automated Fashion

FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool. One of the challenging aspects of BloodHound is that it is a snapshot in time...

6.5AI score
Exploits0References12
Github Security Blog
Github Security Blog
added 2023/11/17 12:31 a.m.32 views

OpenNMS Cross-site Scripting vulnerability

Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer. Meridian and Horizon installation instructions state that...

6.1CVSS6.5AI score0.00435EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/11/16 9:14 p.m.35 views

CVE-2023-40314 Cross-site scripting in bootstrap.jsp

Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that...

5.8CVSS6.6AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/16 9:14 p.m.18 views

CVE-2023-40314 Cross-site scripting in bootstrap.jsp

Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that...

5.8CVSS6.5AI score0.00435EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/08/03 12:0 a.m.20 views

Siemens SCALANCE X-200RNA Switch Devices Improper Access Control (CVE-2022-46354)

A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The webserver of an affected...

5.3CVSS5.6AI score0.00677EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/03/22 7:37 p.m.9 views

CVE-2023-28117 Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`

Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...

7.6CVSS7.4AI score0.00641EPSS
Exploits0References3
OSV
OSV
added 2023/03/21 10:31 p.m.22 views

GHSA-29PR-6JR8-Q5JM Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`

Impact When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their...

7.6CVSS6.7AI score0.00641EPSS
Exploits0References5
Rows per page
Query Builder