Lucene search
K

316 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:31 a.m.9 views

CVE-2019-5406

A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...

9CVSS7AI score0.01424EPSS
Exploits0References1
OSV
OSV
added 2025/05/13 10:15 a.m.4 views

CVE-2025-40566

A vulnerability has been identified in SIMATIC PCS neo V4.1 All versions V4.1 Update 3, SIMATIC PCS neo V5.0 All versions V5.0 Update 1. Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session...

9.8CVSS5.8AI score0.00374EPSS
Exploits0References1
CVE
CVE
added 2025/05/13 9:38 a.m.48 views

CVE-2025-40566

CVE-2025-40566 affects Siemens SIMATIC PCS neo: v4.1 up to but excluding Update 3, and v5.0 up to but excluding Update 1. The root cause is improper invalidation of user sessions on logout, allowing a remote, unauthenticated attacker who obtained a legitimate session token to reuse that session a...

9.8CVSS7.1AI score0.00374EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.4 views

PT-2025-20865 · Siemens · Simatic Pcs Neo

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo versions prior to V4.1 Update 3 SIMATIC PCS neo versions prior to V5.0 Update 1 Description: A vulnerability has been identified in SIMATIC PCS neo where affected products do not correctly invalidate user sessions upon user...

10CVSS6.5AI score0.00374EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.4 views

Siemens SIMATIC PCS neo 代码问题漏洞

Siemens SIMATIC PCS neo is a distributed control system from Siemens, Germany. A code issue vulnerability exists in Siemens SIMATIC PCS neo that originates from a user logging off and not properly disabling the session, which could lead to session reuse...

9.8CVSS6.6AI score0.00374EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/05/09 3:23 a.m.4 views

SUSE CVE-2025-32441

Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...

4.2CVSS6.8AI score0.00201EPSS
Exploits0References9
OSV
OSV
added 2025/05/08 8:15 p.m.2 views

DEBIAN-CVE-2025-46336

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...

4.2CVSS4.8AI score0.00282EPSS
Exploits0References1
OSV
OSV
added 2025/05/07 11:15 p.m.4 views

DEBIAN-CVE-2025-32441

Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...

4.2CVSS4.9AI score0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the reuse of ksmbd multi-channel connection sessions after release...

7.8CVSS6.6AI score0.00606EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/02/15 12:0 a.m.18 views

Fedora 40 : nginx / nginx-mod-fancyindex / nginx-mod-modsecurity / etc (2025-016ed44ddc)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-016ed44ddc advisory. Changes with nginx 1.26.3 05 Feb 2025 Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different...

5.3CVSS5.5AI score0.02646EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/15 12:0 a.m.12 views

Fedora 41 : nginx / nginx-mod-fancyindex / nginx-mod-modsecurity / etc (2025-66ebd291f8)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-66ebd291f8 advisory. Changes with nginx 1.26.3 05 Feb 2025 Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different...

5.3CVSS5.5AI score0.02646EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/12 12:0 a.m.17 views

Nginx 1.27.x < 1.27.4 SSL Session Reuse

According to its Server response header, the installed version of nginx is from 1.11.4 to 1.26.2 or 1.27.x prior to 1.27.4. It is, therefore, affected by a SSL session reuse vulnerability due to insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a...

5.3CVSS7.2AI score0.02646EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/02/12 12:0 a.m.11 views

Nginx 1.11.4 < 1.26.3 SSL Session Reuse

According to its Server response header, the installed version of nginx is from 1.11.4 to 1.26.2 or 1.27.x prior to 1.27.4. It is, therefore, affected by a SSL session reuse vulnerability due to insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a...

5.3CVSS7.2AI score0.02646EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.6 views

Siemens SIMATIC PCS和Siemens TIA Administrator 代码问题漏洞

Siemens TIA Administrator and Siemens SIMATIC PCS are both products of Siemens, Germany.Siemens TIA Administrator is a management program for authorizing and licensing SIMATIC products.Siemens SIMATIC PCS is a Siemens SIMATIC PCS is a process control system. A code issue vulnerability exists in...

8.8CVSS6.7AI score0.00536EPSS
Exploits0References1
Nginx
Nginx
added 2025/02/05 5:31 p.m.2091 views

SSL session reuse vulnerability

SSL session reuse vulnerability Severity: medium CVE-2025-23419 Not vulnerable: 1.27.4+, 1.26.3+ Vulnerable: 1.11.4-1.27.3...

5.3CVSS7.1AI score0.02646EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 5:18 a.m.4 views

CVE-2024-1902

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker...

7.5CVSS7.4AI score0.00387EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2025/02/05 12:0 a.m.253 views

nginx-devel -- SSL session reuse vulnerability

The nginx development team reports: This update fixes the SSL session reuse vulnerability...

5.3CVSS7AI score0.02646EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/02/05 12:0 a.m.19 views

FreeBSD : nginx-devel -- SSL session reuse vulnerability (9761af78-e3e4-11ef-9f4a-589cfc10a551)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9761af78-e3e4-11ef-9f4a-589cfc10a551 advisory. The nginx development team reports: This update fixes the SSL session reuse vulnerability. Tenable has...

5.3CVSS5.4AI score0.02646EPSS
Exploits0References2
Cloud Foundry
Cloud Foundry
added 2025/01/29 12:0 a.m.15 views

CVE-2025-22216 - UAA Missing Zone Validation | Cloud Foundry

Severity MED Overall CVSS Score: 5.0 CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C Vendor CloudFoundry Foundation Versions Affected Affected thru UAA Releases 77.20.1, 77.24.0 including 77.21.0, 77.22.0, 77.23.0 Unaffected from UAA Release 77.20.2 Unaffected from UAA Release...

5.4CVSS5.9AI score0.00188EPSS
Exploits0
OSV
OSV
added 2024/12/16 2:7 p.m.17 views

BIT-NODE-MIN-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...

7.4CVSS7.4AI score0.06065EPSS
Exploits1References10
Rows per page
Query Builder