2356 matches found
GHSA-MR8H-J9CV-4M8H Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
The Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3), uses an incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
Shopify: Insufficient session expiration in the **com.shopify.ping** Android app
It was identified that even after the user performs a logout action in the com.shopify.ping application, the authentication token is not invalidated, which allows full recovery of the initially acquired session. More specifically, after the user provides the required credentials, an...
FusionAuth fusionauth-samlv2 Code Issue Vulnerability
fusionauth fusionauth-samlv2 is a Java library from the individual developer fusionauth that provides JAXB functionality. The library mainly handles SAML requests and responses for scenarios such as single sign-on. A security vulnerability exists in FusionAuth fusionauth-samlv2 versions prior to 0.5.4 that allo...
CVE-2021-29456 Authelia allows open redirects on the logout endpoint
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, by utilizing an HTTP query parameter an attacker is able to redirect users from the web application to an...
Pomerium Open Redirect Vulnerability
Pomerium is an identity-aware proxy that gives you secure access to internal applications. An open redirection vulnerability exists in the user login/logout process in Pomerium versions 0.10.0 through 0.13.3. No further vulnerability details are provided at this time...
Unspecified Vulnerability in Samsung EmailValidationView
Samsung EmailValidationView is an application from Samsung (Korea) that provides email functionality. A security vulnerability exists in Samsung EmailValidationView that stems from improper access control and can be exploited by an attacker to log out of a user account on a device without the user's passwo...
CVE-2021-25351
Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out a user account on the device without the user's password...
CVE-2021-3461
A flaw was found in Keycloak where Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and the Principal Type is set to Attribute Name...
MantisBT < 2.24.5 Session Hijacking Vulnerability - Linux
MantisBT is prone to a session hijacking vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective rights holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you c...
MantisBT Code Issue Vulnerability
MantisBT is a web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services through a web interface. A security vulnerability exists in MantisBT before 2.24.5 that stems from associating a unique cookie string wi...
Qualcomm Component Resource Management Error Vulnerability
The Qualcomm component is a component of Qualcomm Incorporated and is an intrinsic part of Qualcomm devices. A resource management error vulnerability exists in the Qualcomm component that stems from contention between the register ioctl and the logout event...
CVE-2021-21308
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete, and an attacker is able to forge requests and execute customer commands. The problem is fixed in 1.7.7.2...
PrestaShop Authorization Issue Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop (United States). The solution provides features such as a variety of payment methods, SMS alerts, and product image scaling. A security vulnerability exists in PrestaShop versions prior to 1.7.2. The...
CVE-2020-7848
The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in the /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via a cookie value...
CVE-2020-7848
The CVE-2020-7848 entry concerns the EFM ipTIME C200 IP Camera with a Command Injection flaw in /login.cgi?logout=1. An attacker can send a GET request to execute arbitrary OS commands via a crafted cookie value. CVSS data (2.0/3.1) indicates HIGH impact across confidentiality, integrity, and ava...
CVE-2020-10734
A vulnerability was found in Keycloak in that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-On 7, and Red Hat OpenShift Application Runtimes are believed to be vulnerable...