Lucene search
K

77 matches found

Tenable Nessus
Tenable Nessus
added 2025/02/22 12:0 a.m.11 views

Fedora 40 : proftpd (2025-d37ad923f5)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d37ad923f5 advisory. This update addresses a null pointer dereferencing issue that could cause the session for a client that sent specially-crafted commands to the server to cras...

7.5CVSS5.8AI score0.01142EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2024/11/18 5:27 a.m.16 views

USN-7108-1: AsyncSSH vulnerabilities

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. CVE-2023-46445 Fabian Bäumer, Marcus...

6.8CVSS6.9AI score0.00867EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/06/26 12:9 a.m.4 views

kernel: smb: client: fix UAF in smb2_reconnect_server()

A flaw was found in the smb client in the Linux kernel. A potential use-after-free error was seen in the smb2reconnectserver function. This issue can lead to the crash of a client user session...

4.4CVSS7.2AI score0.00228EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.35 views

K37890841: BIG-IP APM logging disclosure vulnerability CVE-2019-19150

Security Advisory Description The BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. CVE-2019-19150 Impact The BIG-IP APM system logs the client-session-id in the log files and is available to authenticated...

4.9CVSS5AI score0.00828EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/15 12:0 a.m.11 views

PT-2023-9028 · Unknown +11 · Crypto/Tls +11

Name of the Vulnerable Software and Affected Versions: crypto/tls versions prior to the fixed version Description: The issue is related to large handshake records that may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records, which can cause servers and client...

9.8CVSS7.1AI score0.91969EPSS
Exploits17References340
OSV
OSV
added 2021/07/04 2:13 a.m.9 views

MGASA-2021-0313 Updated live packages fix security vulnerabilities

Updated live packages fix security vulnerabilities: Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors CVE-2019-15232...

9.8CVSS6.7AI score0.01716EPSS
Exploits0References5
CNVD
CNVD
added 2021/07/01 12:0 a.m.6 views

Unspecified vulnerability in Ratpack (CNVD-2021-52414)

Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in Ratpack versions prior to 1.9.0, which stems from a default configuration of a client session that results in unencrypted but signed data being set as a cookie value. An attacker could exploit th...

7.5CVSS6.6AI score0.00455EPSS
Exploits0References1
OSV
OSV
added 2021/01/12 9:15 p.m.4 views

CVE-2020-28390

A vulnerability has been identified in Opcenter Execution Core V8.2, Opcenter Execution Core V8.3. The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords o...

5.5CVSS6AI score
Exploits0References2
NVD
NVD
added 2021/01/12 9:15 p.m.18 views

CVE-2020-28390

A vulnerability has been identified in Opcenter Execution Core V8.2, Opcenter Execution Core V8.3. The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords o...

5.5CVSS6.1AI score0.0044EPSS
Exploits0References2
CNNVD
CNNVD
added 2020/12/16 12:0 a.m.8 views

AdRem NetCrunch Authorization Issues Vulnerability

Adrem Netcrunch is a device monitoring software from the American company Adrem. The software monitors Windows, Linux, Mac OS X, BSD, NetWare, and SNMP devices based on SNMP sources, Windows event logs, and Syslog servers. AdRem NetCrunch 10.6.0.4587 suffers from an authorization issue...

9.8CVSS7.3AI score0.01116EPSS
Exploits1References3
ALT Linux
ALT Linux
added 2020/11/19 12:0 a.m.54 views

Security fix for the ALT Linux 9 package openvpn version 2.4.9-alt1

2.4.9-alt1 built Nov. 19, 2020 Nikolay A. Fetisov in task 261903 Nov. 16, 2020 Nikolay A. Fetisov - New version - Security fixes: + CVE-2020-11810: race condition allowes one client kills other client session via false client floating Closes: 39122...

4.3CVSS4.8AI score0.01609EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.26 views

F5 Networks BIG-IP : BIG-IP APM logging disclosure vulnerability (K37890841)

The BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.CVE-2019-19150 Impact The BIG-IP APM system logs the client-session-id in the log files and is available to authenticated administrators of the system. C Tenable...

4.9CVSS5.3AI score0.00828EPSS
Exploits0References2
NVD
NVD
added 2019/12/23 6:15 p.m.25 views

CVE-2019-19150

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...

4.9CVSS5.1AI score0.00828EPSS
Exploits0References1
OSV
OSV
added 2019/12/23 6:15 p.m.4 views

CVE-2019-19150

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...

4.9CVSS5.8AI score0.00828EPSS
Exploits0References1
CVE
CVE
added 2019/12/23 5:35 p.m.62 views

CVE-2019-19150

The CVE-2019-19150 issue affects BIG-IP APM and causes the system to log the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. Affected versions per published advisories include 15.0.0–15.0.1, 14.1.0–14.1.2, 14.0.0–14.0.1, 13.1.0–13.1.3.1, 1...

4.9CVSS5AI score0.00828EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/12/23 5:35 p.m.29 views

CVE-2019-19150

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...

5.2AI score0.00828EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/23 12:0 a.m.3 views

F5 BIG-IP APM Log Leakage Vulnerability

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A security vulnerability exists in F5 BIG-IP APM versions 15.0.0 through 15.0.1, 14.1.0 through 14.1.2, and 14.0.0 through 14.0.1, which stems...

4.9CVSS6.6AI score0.00828EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2019/08/21 12:0 a.m.31 views

Live555 Streaming Media < 2019.08.16 Use-After-Free Vulnerability - Linux

Live555 Streaming Media is prone to a Use-After-Free vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.4AI score0.01716EPSS
Exploits0References1
NVD
NVD
added 2019/08/20 12:15 a.m.24 views

CVE-2019-15232

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors...

9.8CVSS9.5AI score0.01716EPSS
Exploits0References2
Prion
Prion
added 2019/08/20 12:15 a.m.18 views

Design/Logic Flaw

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors...

7.5CVSS9.3AI score0.01716EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder