250 matches found
CVE-2024-29976
UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the command “showallsessions” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated attacker to obtain a logged-in administrator’s session...
“Cannot Retrieve Data” on Citrix Director Dashboard error. Unable to see session information .
“Cannot Retrieve Data” on Citrix Director Dashboard error. Unable to see session information of User Connection Failures, Failed Single-session OS Machines, Failed Multi-session OS Machines data is missing. The following exception can be seen in CDF traces. Error:...
CVE-2024-22064 Configuration error Vulnerability in ZTE ZXUN-ePDG
ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connectionIKE with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the...
CVE-2024-23193
Open-Xchange App Suite (Ox App Suite) is affected. The issue stems from PDFs exported from E‑mails being cached without proper per‑session authorization, allowing users on the same service node to access others’ PDFs briefly until caches are cleared. Root cause: PDF export cache not considering u...
PT-2024-19710 · Open Xchange Gmbh +1 · Ox App Suite
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue arises from E-Mails being exported as PDF and stored in a cache that does not consider specific session information for the related user account. This allows users of the same...
Insecure Direct Object Reference (IDOR)
pimcore/pimcore is vulnerable to Insecure Direct Object Reference IDOR. This vulnerability is due to insufficient access controls and improper handling of session information within the Pimcore platform. Specifically, the flaw arises from the platform's failure to properly restrict access to...
GHSA-8H22-8CF7-HQ6G Rails has possible Sensitive Session Information Leak in Active Storage
Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...
CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
CVE-2024-26144
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
CVE-2024-22230
Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control...
Cross site scripting
Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control...
CVE-2024-22230
Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control...
FalconHound - A Blue Team Multi-Tool. It Allows You To Utilize And Enhance The Power Of Blo odHound In A More Automated Fashion
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool. One of the challenging aspects of BloodHound is that it is a snapshot in time...
OpenNMS Cross-site Scripting vulnerability
Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer. Meridian and Horizon installation instructions state that...
CVE-2023-40314 Cross-site scripting in bootstrap.jsp
Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that...
CVE-2023-40314 Cross-site scripting in bootstrap.jsp
Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that...
Siemens SCALANCE X-200RNA Switch Devices Improper Access Control (CVE-2022-46354)
A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The webserver of an affected...
CVE-2023-28117 Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...
GHSA-29PR-6JR8-Q5JM Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
Impact When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their...