247 matches found
CVE-2019-16354
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
CVE-2019-16355
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files...
CVE-2019-16354
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Session fixation
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files...
Race condition
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
CVE-2019-16355
The CVE-2019-16355 entry concerns Beego’s File Session Manager in Beego 1.10.0, where local attackers can read session files due to weak per-file permissions. Multiple connected sources (Red Hat, OSV entries) reiterate that Beego’s File Session Manager permits information disclosure via improper ...
CVE-2019-16355
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files...
CVE-2019-16354
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
CVE-2019-16354
CVE-2019-16354 affects Beego’s File Session Manager. A race condition in file creation within a directory with weak permissions allows a local attacker to read session files. Publicly documented impact centers on Beego 1.10.0; multiple advisories indicate the issue persists across older Beego rel...
Incorrect Default Permissions
The File Session Manager in Beego allows local users to read session files because of weak permissions for individual files...
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
The File Session Manager in Beego allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
CVE-2019-1705
A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance ASA Software could allow a unauthenticated, remote attacker to cause a denial of service DoS condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN...
Cisco Adaptive Security Appliance Software VPN Denial of Service Vulnerability
A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance ASA Software could allow a unauthenticated, remote attacker to cause a denial of service DoS condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN...
PT-2019-2059 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: A vulnerability in the remote access VPN session manager could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on...
GHSA-V6WR-FCH2-VM5W OrientDB Server Community Edition uses insufficiently random values to generate session IDs
OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values in the server/network/protocol/http/OHttpSessionManager.java, which makes it easier for remote attackers to predict a value by...
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
Description OpenSSL is prone to denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected OpenSSL Project OpenSSL 1.0.2 OpenSSL Project OpenSSL 1.0.2a OpenSSL Project OpenSSL 1.0.2b OpenSSL Project OpenSSL 1.0.2c OpenSSL...
CVE-2018-0256
A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager SESSMGR process on an affected device to restart, resulting in a denial of service DoS condition. The vulnerabilit...
Updated xrdp packages fix security vulnerability
The scpv0saccept function in sesman/libscp/libscpv0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted input...
Design/Logic Flaw
The scpv0saccept function in sesman/libscp/libscpv0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted input...
CVE-2017-16927
The scpv0saccept function in sesman/libscp/libscpv0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted input...