Race condition
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
CVE-2019-16355
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files...
CVE-2019-16355
The CVE-2019-16355 entry concerns Beego’s File Session Manager in Beego 1.10.0, where local attackers can read session files due to weak per-file permissions. Multiple connected sources (Red Hat, OSV entries) reiterate that Beego’s File Session Manager permits information disclosure via improper ...
CVE-2019-16354
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
CVE-2019-16354
CVE-2019-16354 affects Beego’s File Session Manager. A race condition in file creation within a directory with weak permissions allows a local attacker to read session files. Publicly documented impact centers on Beego 1.10.0; multiple advisories indicate the issue persists across older Beego rel...
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
The File Session Manager in Beego allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Incorrect Default Permissions
The File Session Manager in Beego allows local users to read session files because of weak permissions for individual files...
CVE-2019-1705
A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN...
Cisco Adaptive Security Appliance Software VPN Denial of Service Vulnerability
A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN...
PT-2019-2059 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified). Description: A vulnerability in the remote access VPN session manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on...
GHSA-V6WR-FCH2-VM5W OrientDB Server Community Edition uses insufficiently random values to generate session IDs
OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values in the server/network/protocol/http/OHttpSessionManager.java, which makes it easier for remote attackers to predict a value by...
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
Description: OpenSSL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected: OpenSSL Project OpenSSL 1.0.2, OpenSSL Project OpenSSL 1.0.2a, OpenSSL Project OpenSSL 1.0.2b, OpenSSL Project OpenSSL 1.0.2c, OpenSSL...
CVE-2018-0256
A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager (SESSMGR) process on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerabilit...
Updated xrdp packages fix security vulnerability
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input...
Design/Logic Flaw
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input...
CVE-2017-16927
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input...
UBUNTU-CVE-2017-16927
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input...
CVE-2017-16927
CVE-2017-16927 affects xrdp (sesman) where scp_v0s_accept in sesman/libscp/libscp_v0.c uses an untrusted integer as a write length, enabling local denial of service via buffer overflow. Public records (Fedora 26/27, SUSE, Mageia) show this was fixed by upstream in 0.9.4 (and later 0.9.5 in some b...
CVE-2017-16927
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input...
Zend Framework Session Authentication Vulnerability
Zend Framework (ZF) is an open source PHP5 development framework developed by the United States company Zend; it is mainly used for the development of Web programs and services. A security vulnerability exists in Zend/Session/SessionManager in version 2.2.x before ZF 2.2.9 and version 2.3.x...