7 matches found
CVE-2023-45133 vulnerabilities
Vulnerabilities for packages: arangodb...
EUVD-2021-12797
Malware in sbrugna...
EUVD-2021-12795
Malware in sbrugna...
CVE-2021-25940
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system...
CVE-2021-25938
In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting XSS, since there is no validation of the .zip file name and filtering of potential abusive characters which zip files can be named to. There is no X-Frame-Options Header set, which makes it more susceptible for...
BIT-ARANGODB-2021-25940 ArangoDB - Insufficient Session Expiration after Password Change
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system...
CVE-2021-25940 ArangoDB - Insufficient Session Expiration after Password Change
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system...