316 matches found
CVE-2019-5406
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...
CVE-2025-40566
A vulnerability has been identified in SIMATIC PCS neo V4.1 All versions V4.1 Update 3, SIMATIC PCS neo V5.0 All versions V5.0 Update 1. Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session...
CVE-2025-40566
CVE-2025-40566 affects Siemens SIMATIC PCS neo: v4.1 up to but excluding Update 3, and v5.0 up to but excluding Update 1. The root cause is improper invalidation of user sessions on logout, allowing a remote, unauthenticated attacker who obtained a legitimate session token to reuse that session a...
PT-2025-20865 · Siemens · Simatic Pcs Neo
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo versions prior to V4.1 Update 3 SIMATIC PCS neo versions prior to V5.0 Update 1 Description: A vulnerability has been identified in SIMATIC PCS neo where affected products do not correctly invalidate user sessions upon user...
Siemens SIMATIC PCS neo 代码问题漏洞
Siemens SIMATIC PCS neo is a distributed control system from Siemens, Germany. A code issue vulnerability exists in Siemens SIMATIC PCS neo that originates from a user logging off and not properly disabling the session, which could lead to session reuse...
SUSE CVE-2025-32441
Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...
DEBIAN-CVE-2025-46336
Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...
DEBIAN-CVE-2025-32441
Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the reuse of ksmbd multi-channel connection sessions after release...
Fedora 40 : nginx / nginx-mod-fancyindex / nginx-mod-modsecurity / etc (2025-016ed44ddc)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-016ed44ddc advisory. Changes with nginx 1.26.3 05 Feb 2025 Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different...
Fedora 41 : nginx / nginx-mod-fancyindex / nginx-mod-modsecurity / etc (2025-66ebd291f8)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-66ebd291f8 advisory. Changes with nginx 1.26.3 05 Feb 2025 Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different...
Nginx 1.27.x < 1.27.4 SSL Session Reuse
According to its Server response header, the installed version of nginx is from 1.11.4 to 1.26.2 or 1.27.x prior to 1.27.4. It is, therefore, affected by a SSL session reuse vulnerability due to insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a...
Nginx 1.11.4 < 1.26.3 SSL Session Reuse
According to its Server response header, the installed version of nginx is from 1.11.4 to 1.26.2 or 1.27.x prior to 1.27.4. It is, therefore, affected by a SSL session reuse vulnerability due to insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a...
Siemens SIMATIC PCS和Siemens TIA Administrator 代码问题漏洞
Siemens TIA Administrator and Siemens SIMATIC PCS are both products of Siemens, Germany.Siemens TIA Administrator is a management program for authorizing and licensing SIMATIC products.Siemens SIMATIC PCS is a Siemens SIMATIC PCS is a process control system. A code issue vulnerability exists in...
SSL session reuse vulnerability
SSL session reuse vulnerability Severity: medium CVE-2025-23419 Not vulnerable: 1.27.4+, 1.26.3+ Vulnerable: 1.11.4-1.27.3...
CVE-2024-1902
lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker...
nginx-devel -- SSL session reuse vulnerability
The nginx development team reports: This update fixes the SSL session reuse vulnerability...
FreeBSD : nginx-devel -- SSL session reuse vulnerability (9761af78-e3e4-11ef-9f4a-589cfc10a551)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9761af78-e3e4-11ef-9f4a-589cfc10a551 advisory. The nginx development team reports: This update fixes the SSL session reuse vulnerability. Tenable has...
CVE-2025-22216 - UAA Missing Zone Validation | Cloud Foundry
Severity MED Overall CVSS Score: 5.0 CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C Vendor CloudFoundry Foundation Versions Affected Affected thru UAA Releases 77.20.1, 77.24.0 including 77.21.0, 77.22.0, 77.23.0 Unaffected from UAA Release 77.20.2 Unaffected from UAA Release...
BIT-NODE-MIN-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...