70 matches found
CVE-2020-29024
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in GTA GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3...
UBUNTU-CVE-2017-7153
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit"...
CVE-2016-2983
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999...
Moneybird: Bypass of Rate limiting in secure_session endpoint's password input will lead to user password disclosure
The rate limit for entering a password to start a secure session was too low. This allowed for brute force password guessing when an attacker would gain access to an existing session of a user. We have solved the issue by making the password rate limit the same as the regular login procedure...
Weblate: Improper Cookie expiration | Cookies Expiration Set to Future
Hi Team, I have found at many instances or places from signup till getting logged into application in domain "demo.weblate.org" that session maintaining cookies such as csrf token and session id's expiration dates are set to future date. As part of secure session management one should prohibit or...
Security Bypass Vulnerability in Security Component of Multiple Apple Products
Apple macOS Sierra, iOS, and tvOS are products of Apple Inc. macOS Sierra is a specialized operating system for Mac computers; iOS is an operating system for mobile devices. Security is one of the information security and privacy components. A security vulnerability exists in the Security compone...
CVE-2016-4741
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates...
A vulnerability in the Android operating system that allows a perpetrator to obtain confidential information
The vulnerability of the secure-session function in the mm-video-v4l2 venc component of the Android operating system’s media server is related to incorrect handling of stack pointers. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential informati...
A vulnerability in the Android operating system that allows a hacker to increase their privileges
The vulnerability of the secure-session function in the mm-video-v4l2 venc component of the Android operating system’s media server is related to incorrect handling of stack pointers. Exploiting this vulnerability could allow a local attacker to enhance their privileges through a specially create...
CVE-2016-3835
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...
CVE-2016-3835
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...
CVE-2016-3823
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329...
Heap overflow
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329...
CVE-2016-3835
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...
UBUNTU-CVE-2016-3823
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329...
UBUNTU-CVE-2016-3835
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...
CVE-2016-3823
CVE-2016-3823 affects the secure-session feature in the mm-video-v4l2 venc component of Android’s mediaserver. The issue arises from mishandling heap pointers, enabling a crafted application to gain privileges. Affected products/versions include Android 4.x before 4....
CVE-2016-3835
Summary (CVE-2016-3835): A vulnerability in the Mediaserver component (mm-video-v4l2 venc) of Android’s mediaserver on 4.x to 6.x releases allows an attacker via a crafted application to read sensitive information by mishandling heap pointers. Affects Android versions listed in the description (...
tomcat: Session fixation
A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests...
tomcat: Session fixation
A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests...