Lucene search
+L

34 matches found

Cvelist
Cvelist
added 2026/07/10 8:20 p.m.33 views

CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...

6.8CVSS0.00468EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2017-17840

Malware in sbrugna...

4.6CVSS4.6AI score0.00418EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-6494

Malware in sbrugna...

2.1CVSS6.2AI score0.00376EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/05/20 2:16 a.m.3 views

SUSE CVE-2023-32249

In the Linux kernel, the following vulnerability has been resolved: ksmbd: not allow guest user on multichannel This patch return STATUSNOTSUPPORTED if binding session is guest...

5.5CVSS6.5AI score0.00162EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.4 views

SUSE CVE-2016-2119

libcli/smb/smbXclibase.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the 1 SMB2SESSIONFLAGISGUEST or 2 SMB2SESSIONFLAGISNULL flag...

7.5CVSS6.9AI score0.03097EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/03/10 5:28 p.m.87 views

Shopware guest session is shared between customers

Impact Guest sessions are shared between customers when HTTP cache is enabled. Setups with Varnish are not affected by this issue Patches We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview...

6.5CVSS1.7AI score0.00524EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2022/03/10 5:28 p.m.28 views

GHSA-JP6H-MXHX-PGQH Shopware guest session is shared between customers

Impact Guest sessions are shared between customers when HTTP cache is enabled. Setups with Varnish are not affected by this issue Patches We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview...

4.8CVSS5.6AI score0.00524EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/03/09 10:25 p.m.49 views

CVE-2022-24745 Guest session is shared between customers in shopware

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...

4.8CVSS6.6AI score0.00524EPSS
Exploits0References1
OSV
OSV
added 2020/02/28 9:15 p.m.3 views

CVE-2020-9449

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...

8.8CVSS7.4AI score0.01036EPSS
Exploits0References1
CNVD
CNVD
added 2019/11/12 12:0 a.m.5 views

Magento Insecure Authentication and Session Management Vulnerability

Magento is an open source PHP e-commerce system from the U.S. company Magento. An insecure authentication and session management vulnerability exists in Magento. An attacker can exploit this vulnerability to gain access to the customer account index page via the guest session ID value after a...

7.5CVSS7.3AI score0.01949EPSS
Exploits0References1
OSV
OSV
added 2019/07/29 6:15 p.m.7 views

CVE-2018-17213

An issue was discovered in PrinterOn Central Print Services CPS through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can then be further used to perform other attacks...

8.8CVSS5.8AI score0.01428EPSS
Exploits1References1
OSV
OSV
added 2019/04/24 7:29 p.m.7 views

CVE-2019-10008

Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ logi...

8.8CVSS5.9AI score0.19735EPSS
Exploits7References2
NVD
NVD
added 2019/04/24 7:29 p.m.33 views

CVE-2019-10008

Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ logi...

8.8CVSS8.9AI score0.19735EPSS
Exploits7References2
Prion
Prion
added 2019/04/24 7:29 p.m.21 views

Session fixation

Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ logi...

6.5CVSS8.8AI score0.19735EPSS
Exploits7References2Affected Software1
NVD
NVD
added 2017/05/12 7:29 a.m.15 views

CVE-2017-8900

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session...

4.6CVSS4.7AI score0.00418EPSS
Exploits0References4
Prion
Prion
added 2017/05/12 7:29 a.m.11 views

Session fixation

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session...

2.1CVSS4.8AI score0.00418EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/05/12 7:29 a.m.15 views

CVE-2017-8900

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session...

4.6CVSS6.8AI score0.00418EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/05/12 6:54 a.m.32 views

CVE-2017-8900

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session...

4.7AI score0.00418EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2017/05/12 12:4 a.m.46 views

USN-3285-1: LightDM vulnerability

Tyler Hicks discovered that LightDM did not confine the user session for guest users. An attacker with physical access could use this issue to access files and other resources that they should not be able to access. In the default installation, this includes files in the home directories of other...

4.6CVSS5AI score0.00418EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/05/11 12:0 a.m.17 views

CVE-2017-8900

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session...

4.6CVSS5.9AI score0.00418EPSS
Exploits0References2
Rows per page
Query Builder