Lucene search
K

135 matches found

Tenable Nessus
Tenable Nessus
added 2025/04/08 12:0 a.m.13 views

Fedora 41 : webkitgtk (2025-059585d039)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-059585d039 advisory. Limit the data stored in session state. Remove the empty area below the title bar in Web Inspector when not docked. Fix various crashes and renderin...

9.8CVSS7.1AI score0.00858EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.4 views

ASP.NET Cookieless Session State Enabled

.NET Framework offers an alternative to cookie based session management named 'cookieless' by allowing developers to store the session ID directly in URLs rather than in cookies. When enabled, this feature can be abused to make session hijacking attacks easier to exploit or to craft valid URLs in...

7.3AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 7:34 p.m.8 views

CVE-2022-39268

Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...

8.1CVSS6.4AI score0.00382EPSS
Exploits0References1
Snyk
Snyk
added 2025/01/06 4:31 p.m.1 views

Improper Authentication

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Improper Authentication due to improper clearing of cookies through the handlehttp function of the air.py component. An attacker can gain unauthorized access to th...

7.5CVSS7AI score0.00374EPSS
Exploits0References2
Citrix
Citrix
added 2024/07/13 12:0 a.m.6 views

Session Appears Down in XenApp Farm and Csrss.exe Process Remains Active in Session

Session appears in astate in the XenApp farm. Csrss.exe process remains active in the session. This generally means that the session had problems on logoff and remains hung until it is manually terminated or the server is restarted. Additionally, if the server has sessions in this state and is...

7.1AI score
Exploits0
Veracode
Veracode
added 2024/06/03 8:52 a.m.12 views

Insufficiently Protected Credentials

SimpleSAMLphp is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to credentials being insecurely saved to the user's session state when the ECP profile is disabled but supported in the Identity Provider's metadata, which could result in an attacker with administrator...

7AI score
Exploits0
OSV
OSV
added 2024/03/06 11:20 a.m.16 views

BIT-TENSORFLOW-2020-15204 Segfault in Tensorflow

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling tf.rawops.GetSessionHandle or tf.rawops.GetSessionHandleV2 results in a null pointer dereference In linked snippet, in eager mode, ctx-sessionstate returns nullptr. Since...

5.3CVSS5.4AI score0.00903EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/01/12 2:23 p.m.3 views

CVE-2023-49255 Router console accessible without authentication

The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated...

7.1AI score0.00716EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/06/06 6:45 a.m.3 views

Malicious code in fc-session-state (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ce915f34780e87423580299a1d37897334a16ce4f4031b78bcf4c630cab69513 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2023/06/06 6:45 a.m.12 views

MAL-2023-366 Malicious code in fc-session-state (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ce915f34780e87423580299a1d37897334a16ce4f4031b78bcf4c630cab69513 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.3 views

SUSE CVE-2009-4136

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain...

6.5CVSS7.4AI score0.03644EPSS
Exploits3References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:43 a.m.3 views

SUSE CVE-2012-5886

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to...

5CVSS8.7AI score0.08768EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/12/22 12:0 a.m.5 views

PT-2022-8577 · Mozilla · Vpn

Name of the Vulnerable Software and Affected Versions: Mozilla VPN iOS versions 1.0.7 and earlier Mozilla VPN Windows versions prior to 1.2.2 Mozilla VPN Android versions 1.1.0 and earlier Description: An issue existed in the VPN login flow, where an attacker could craft a custom login URL and...

7.6CVSS6.9AI score0.00469EPSS
Exploits0References6
NVD
NVD
added 2022/09/30 9:15 p.m.11 views

CVE-2022-39268

Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...

8.1CVSS0.00382EPSS
Exploits0References4
Prion
Prion
added 2022/09/30 9:15 p.m.11 views

Design/Logic Flaw

Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...

5.8CVSS7.9AI score0.00382EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/09/30 8:25 p.m.15 views

CVE-2022-39268 orchest vulnerable to cross-site request forgery that allows control of a user instance

Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...

8.1CVSS8.2AI score0.00382EPSS
Exploits0References4
OSV
OSV
added 2022/09/30 8:25 p.m.22 views

CVE-2022-39268 orchest vulnerable to cross-site request forgery that allows control of a user instance

Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...

8.1CVSS7.7AI score0.00382EPSS
Exploits0References6
CVE
CVE
added 2022/09/30 8:25 p.m.54 views

CVE-2022-39268

CVE-2022-39268 affects Orchest, specifically the auth-server component. The vulnerability is a Cross‑Site Request Forgery (CSRF) issue where an attacker tricks an innocent user into submitting unintended requests, potentially leaking data or altering session state or user accounts. A fix is avail...

8.1CVSS8AI score0.00382EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/17 1:38 a.m.1 views

GHSA-9XRJ-439H-62HG Improper Authentication in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to...

5CVSS7.3AI score0.08768EPSS
Exploits0References21
OSV
OSV
added 2022/05/14 12:54 a.m.42 views

GHSA-HMHQ-382Q-MP56 ClassLoader manipulation in Apache Struts

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

5.8CVSS6.7AI score0.06516EPSS
Exploits0References5
Rows per page
Query Builder