CVE-2022-39875
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
Design/Logic Flaw
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
Information disclosure
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
GHSA-CG8C-GC2J-2WF7 Flask-Security vulnerable to Open Redirect
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as \\evil.com/path. This vulnerability is only...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices is a series of mobile devices from South Korea's Samsung (SAMSUNG), including cell phones, tablets, etc. SAMSUNG Mobile devices versions prior to 13.5.01.3 contain an access control error vulnerability that stems from improper protection of components in Samsung...
URL Redirection to Untrusted Site ('Open Redirect')
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as \\evil.com/path. This vulnerability is only...
CVE-2022-39874
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout...
PT-2022-25067 · Samsung · Samsung Account
Name of the Vulnerable Software and Affected Versions: Samsung Account versions prior to 13.5.0 Description: The issue is related to an improper component protection vulnerability. This vulnerability allows attackers to perform unauthorized logout actions. Recommendations: For versions prior to...
PT-2022-25066 · Samsung · Samsung Account
Name of the Vulnerable Software and Affected Versions: Samsung Account versions prior to 13.5.0 Description: The issue allows attackers to unauthorized logout due to a sensitive log information leakage. Recommendations: For versions prior to 13.5.0, update to version 13.5.0 or later to resolve th...
IBM InfoSphere Information Server code issue vulnerability
IBM InfoSphere Information Server is a data integration platform from International Business Machines Corporation (IBM) that can be used to integrate data from various sources. IBM InfoSphere Informati...
SAMSUNG Mobile devices log information disclosure vulnerability
SAMSUNG Mobile devices are a range of mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung (SAMSUNG). A security vulnerability exists in SAMSUNG Mobile devices version 13.5.0, which stems from a Samsung account sensitive log information disclosure...
CVE-2022-39875
CVE-2022-39875 describes an improper component protection vulnerability in Samsung Account prior to version 13.5.0, allowing attackers to perform an unauthorized logout. Affected software: Samsung Account (versions before 13.5.0). Root cause: improper protection of account components. Impact: all...
CVE-2022-39874
CVE-2022-39874 affects Samsung Account prior to version 13.5.0. Public sources in the connected documents describe a sensitive log information leakage vulnerability that allows an attacker to log out without authorization. The affected component is the Samsung Account, with impact described as lo...
CVE-2022-41291
IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699...
PT-2022-7073 · Ilias · Ilias
Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 7.16 Description: The issue is related to an open redirect in the shib_logout.php script, specifically with the handling of the return parameter. This could allow a remote attacker to redirect users to an arbitrary URL...
Session Fixation
rdiffweb is vulnerable to session fixation. The vulnerability exists because even after logout, the application continues to use the preauthentication cookies, which allows an attacker to gain unauthorized access to the account of a victim who is using the same browser, as long as a single sessio...
U.S. Dept Of Defense: XSS in ServiceNow logout https://████:443
An XSS vulnerability was discovered in ServiceNow logout, allowing an unauthenticated remote attacker to execute code in the user's browser context by clicking on a malicious link. The vulnerability was present in ServiceNow versions prior to SanDiego SP6 and has been assigned CVE-2022-38463...
ServiceNow Logout Cross-Site Scripting
ServiceNow versions prior to San Diego Patch 4b and Patch 6 are affected by a reflected XSS within the logout functionality. This may permit a remote unauthenticated attacker to execute arbitrary JavaScript code in the browser context of the targeted ServiceNow user. No source data...
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
...