Lucene search
+L

407 matches found

Tenable Nessus
Tenable Nessus
added 2025/06/03 12:0 a.m.10 views

Oracle Linux 8 : krb5 (ELSA-2025-8411)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8411 advisory. - Don't issue RC4 session keys by default CVE-2025-3576 Resolves: RHEL-88049 Tenable has extracted the preceding description block directly from the Oracle Linu...

5.9CVSS6.8AI score0.00331EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.9 views

CVE-2024-23688

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5.3CVSS5.6AI score0.00489EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:24 a.m.5 views

CVE-2023-52440

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbddecodentlmsspauthblob If authblob-SessionKey.Length is bigger than session key sizeCIFSKEYSIZE, slub overflow can happen in key exchange codes. cifsarc4crypt copy to session key array from...

7.8CVSS7AI score0.36685EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:27 a.m.18 views

CVE-2022-4873

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location...

9.8CVSS7.4AI score0.0717EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.11 views

CVE-2021-3304

Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI...

9.8CVSS7.6AI score0.01261EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:42 p.m.7 views

CVE-2020-5224

In Django User Sessions django-user-sessions before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the...

8.8CVSS5.9AI score0.00439EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:9 p.m.6 views

CVE-2020-11728

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...

7.5CVSS6.7AI score0.01588EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:13 a.m.7 views

CVE-2010-3323

Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKDSESSIONKEY parameter...

4.6CVSS7AI score0.00762EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:11 p.m.7 views

CVE-2006-4943

course/jumpto.php in Moodle before 1.6.2 does not validate the session key sesskey before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter...

5CVSS6.6AI score0.01241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/05 10:18 a.m.22 views

CVE-2024-58135

Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and used for authenticating and protecting...

6.2CVSS5.1AI score0.00473EPSS
Exploits1References10
Cvelist
Cvelist
added 2025/05/03 10:16 a.m.36 views

CVE-2024-58135 Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

0.00473EPSS
Exploits1References13
CVE
CVE
added 2025/05/03 10:16 a.m.90 views

CVE-2024-58135

Mojolicious (Perl) vulnerability CVE-2024-58135: default app skeleton generation using mojo generate app writes a weak HMAC session secret via the insecure rand() function, enabling potential brute-forcing of session keys. Affected: Mojolicious versions from 7.28 for Perl (and related 0.999922–9....

5.3CVSS6.3AI score0.00473EPSS
Exploits1References13Affected Software1
Packet Storm
Packet Storm
added 2025/03/31 12:0 a.m.204 views

Solstice Pod 5.5 / 6.2 Information Disclosure

Solstice Pod versions 5.5 and 6.2 expose sensitive information such as the session key, server version, product details, and display name via an unauthenticated API. Exploit Title: Solstice Pod API Session Key Extraction via API Endpoint Google Dork: N/A Date: 1/17/2025 Exploit Author: The Baldwi...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/15 8:10 a.m.25 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

8.8CVSS7.2AI score0.00594EPSS
Exploits1References1
NVD
NVD
added 2025/03/13 5:15 p.m.9 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

8.8CVSS0.00594EPSS
Exploits1References2
CVE
CVE
added 2025/03/13 12:0 a.m.54 views

CVE-2024-53406

CVE-2024-53406 affects Espressif ESP-IDF v5.3.0. The issue is described as insecure permissions that enable authentication bypass, with the reconnection phase reusing a prior session key, creating a foothold for security bypass attacks. The documented CVSS v3.1 base score is 8.8 (HIGH) with netwo...

8.8CVSS7.4AI score0.00594EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/13 12:0 a.m.9 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

6.9AI score0.00594EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/13 12:0 a.m.23 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

0.00594EPSS
Exploits1References2
OSV
OSV
added 2025/03/13 12:0 a.m.5 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

8.8CVSS7AI score0.00594EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-45287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but...

7.5CVSS6.7AI score0.0125EPSS
Exploits0References4
Rows per page
Query Builder