Lucene search
K

202 matches found

Vulnrichment
Vulnrichment
added 2023/02/28 4:53 p.m.11 views

CVE-2023-22771 Insufficient Session Expiration in ArubaOS Command Line Interface

An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account...

6.8CVSS7AI score0.00443EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2023/02/21 7:2 p.m.88 views

K58084500: Apache Tomcat 6.x vulnerabilities CVE-2016-0714

Security Advisory Description The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute...

8.8CVSS8.6AI score0.13075EPSS
Exploits0Affected Software17
SUSE CVE
SUSE CVE
added 2023/02/15 5:30 a.m.3 views

SUSE CVE-2014-1586

content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME...

5CVSS8.3AI score0.02793EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:9 a.m.4 views

SUSE CVE-2016-0714

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...

8.8CVSS8.6AI score0.13075EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.3 views

SUSE CVE-2019-2386

After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9;...

7.1CVSS7.1AI score0.01225EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.12 views

SUSE CVE-2022-23181

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...

7CVSS8.1AI score0.00692EPSS
Exploits15References11
OSV
OSV
added 2023/01/05 7:15 a.m.4 views

CVE-2022-43529

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this vulnerability could allow an authenticated attacker to...

5.4CVSS5.8AI score0.00425EPSS
Exploits0References1
NVD
NVD
added 2023/01/05 7:15 a.m.26 views

CVE-2022-43529

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this vulnerability could allow an authenticated attacker to...

5.4CVSS4.9AI score0.00425EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/03 7:43 p.m.10 views

CVE-2022-43529

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this vulnerability could allow an authenticated attacker to...

4.6CVSS7AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/03 7:43 p.m.31 views

CVE-2022-43529

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this vulnerability could allow an authenticated attacker to...

4.6CVSS5.8AI score0.00425EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/03 12:0 a.m.8 views

PT-2023-14240 · Aruba · Aruba Edgeconnect Enterprise Orchestrator

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise Orchestrator versions 9.2.1.40179 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.1.4.40436 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.0.7.40110 and below Aruba EdgeConnect...

5.4CVSS7.4AI score0.00425EPSS
Exploits0References5
OSV
OSV
added 2022/11/11 11:4 a.m.11 views

OESA-2022-2064 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

7CVSS7.4AI score0.00692EPSS
Exploits15References2
Redos
Redos
added 2022/11/03 12:0 a.m.55 views

ROS-20221103-06

Apache Tomcat application server vulnerability is related to incorrect implementation of read/write locking. writes. Exploitation of the vulnerability could allow an attacker acting remotely to cause a concurrency error and force client connections to share an instance of Http11Processor...

7.5CVSS7.1AI score0.10997EPSS
Exploits15
RedHat Linux
RedHat Linux
added 2022/11/02 10:40 a.m.10 views

tomcat: local privilege escalation vulnerability

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...

7CVSS7.2AI score0.56636EPSS
Exploits15References5
Debian
Debian
added 2022/10/29 9:59 p.m.67 views

[SECURITY] [DSA 5265-1] tomcat9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5265-1 [email protected] https://www.debian.org/security/ Markus Koschany October 29, 2022 https://www.debian.org/security/faq -...

7.5CVSS7.5AI score0.73139EPSS
Exploits20
Huntr
Huntr
added 2022/10/03 12:22 p.m.10 views

2 FA bypass

Description An attacker is able to bypass 2FA due to a logic flaw on the application Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/general 2 Your account is set to [email protected] as primary email 3 Go to https://rdiffweb-dev.ikus-soft.com/prefs/mfa and click on "Enable 2FA" 4 A...

0.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.3 views

tomcat: deserialization flaw in session persistence storage leading to RCE

A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...

7CVSS7.3AI score0.56636EPSS
Exploits15References9
Positive Technologies
Positive Technologies
added 2022/06/14 12:0 a.m.5 views

PT-2022-20488 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 9.5.34 ELTS TYPO3 versions prior to 10.4.29 TYPO3 versions prior to 11.5.11 Description: The issue concerns Admin Tool sessions in the TYPO3 backend user interface that were not revoked even if the corresponding user...

7.2CVSS6.7AI score0.01165EPSS
Exploits0References12
OSV
OSV
added 2022/05/14 1:10 a.m.32 views

GHSA-MV42-PX54-87JW Improper Access Control in Apache Tomcat

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...

8.8CVSS8.2AI score0.13075EPSS
Exploits0References67
PyPA
PyPA
added 2022/03/07 11:15 p.m.8 views

PYSEC-2022-34

HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and...

6.5CVSS6.8AI score0.01625EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder