
70 matches found

OSV
added 2021/02/16 4:15 p.m.; 4 views

CVE-2020-29024

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in GTA GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3...

CVSS: 5.3; AI score: 6.1; EPSS: 0.00512
Exploits: 0; References: 1

OSV
added 2018/01/30 12:0 a.m.; 4 views

UBUNTU-CVE-2017-7153

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit"...

CVSS: 6.1; AI score: 6.6; EPSS: 0.01911
Exploits: 1; References: 4

ATTACKERKB
added 2018/01/26 9:29 p.m.; 2 views

CVE-2016-2983

IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999...

CVSS: 8.1; AI score: 5.6; EPSS: 0.01742
Exploits: 0; References: 5; Affected Software: 1

Hacker One
added 2017/09/18 7:37 p.m.; 28 views

Moneybird: Bypass of Rate limiting in secure_session endpoint's password input will lead to user password disclosure

The rate limit for entering a password to start a secure session was too low. This allowed for brute force password guessing when an attacker would gain access to an existing session of a user. We have solved the issue by making the password rate limit the same as the regular login procedure...

AI score: 1.5
Exploits: 0

Hacker One
added 2017/05/26 8:37 p.m.; 9 views

Weblate: Improper Cookie expiration | Cookies Expiration Set to Future

Hi Team, I have found at many instances or places from signup till getting logged into application in domain "demo.weblate.org" that session maintaining cookies such as csrf token and session id's expiration dates are set to future date. As part of secure session management one should prohibit or...

AI score: 0.1
Exploits: 0

CNVD
added 2017/05/24 12:0 a.m.; 2 views

Security Bypass Vulnerability in Security Component of Multiple Apple Products

Apple macOS Sierra, iOS, and tvOS are products of Apple Inc. macOS Sierra is a specialized operating system for Mac computers; iOS is an operating system for mobile devices. Security is one of the information security and privacy components. A security vulnerability exists in the Security compone...

CVSS: 5.9; AI score: 6.2; EPSS: 0.0163
Exploits: 0; References: 1

OSV
added 2016/09/18 10:59 p.m.; 4 views

CVE-2016-4741

The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates...

CVSS: 5.9; AI score: 7.3; EPSS: 0.01427
Exploits: 0; References: 5

BDU FSTEC
added 2016/09/07 12:0 a.m.; 5 views

The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the secure-session function in the mm-video-v4l2 venc component of the Android operating system’s media server is related to incorrect handling of stack pointers. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential informati...

CVSS: 4.3; AI score: 6.3; EPSS: 0.00464
Exploits: 0; References: 3; Affected Software: 1

BDU FSTEC
added 2016/09/07 12:0 a.m.; 7 views

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the secure-session function in the mm-video-v4l2 venc component of the Android operating system’s media server is related to incorrect handling of stack pointers. Exploiting this vulnerability could allow a local attacker to enhance their privileges through a specially create...

CVSS: 4.6; AI score: 7.2; EPSS: 0.002
Exploits: 0; References: 3; Affected Software: 1

OSV
added 2016/08/05 8:59 p.m.; 4 views

CVE-2016-3835

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...

CVSS: 5.5; AI score: 7.3; EPSS: 0.00464
Exploits: 0; References: 3

NVD
added 2016/08/05 8:59 p.m.; 21 views

CVE-2016-3835

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...

CVSS: 5.5; AI score: 5; EPSS: 0.00464
Exploits: 0; References: 3

NVD
added 2016/08/05 8:59 p.m.; 23 views

CVE-2016-3823

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329...

CVSS: 7.8; AI score: 7.5; EPSS: 0.002
Exploits: 0; References: 3

Prion
added 2016/08/05 8:59 p.m.; 19 views

Heap overflow

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329...

CVSS: 4.6; AI score: 7.2; EPSS: 0.002
Exploits: 0; References: 3; Affected Software: 1

UbuntuCve
added 2016/08/05 8:59 p.m.; 27 views

CVE-2016-3835

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...

CVSS: 5.5; AI score: 6.4; EPSS: 0.00464
Exploits: 0; References: 3

OSV
added 2016/08/05 8:59 p.m.; 4 views

UBUNTU-CVE-2016-3823

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329...

CVSS: 7.8; AI score: 7.1; EPSS: 0.002
Exploits: 0; References: 4

OSV
added 2016/08/05 8:59 p.m.; 3 views

UBUNTU-CVE-2016-3835

The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug...

CVSS: 5.5; AI score: 6.4; EPSS: 0.00464
Exploits: 0; References: 4

CVE
added 2016/08/05 8:0 p.m.; 44 views

CVE-2016-3823

CVE-2016-3823 affects the Mediaserver in Android’s mediaserver, specifically the secure-session feature in the mm-video-v4l2 venc component. The issue arises from mishandling heap pointers, enabling a crafted application to gain privileges. Affected products/versions include Android 4.x before 4....

CVSS: 7.8; AI score: 7.5; EPSS: 0.002
Exploits: 0; References: 3; Affected Software: 1

CVE
added 2016/08/05 8:0 p.m.; 46 views

CVE-2016-3835

Summary (CVE-2016-3835) : A vulnerability in the Mediaserver component (mm-video-v4l2 venc) of Android’s mediaserver on 4.x to 6.x releases allows an attacker via a crafted application to read sensitive information by mishandling heap pointers. Affects Android versions listed in the description (...

CVSS: 5.5; AI score: 5.5; EPSS: 0.00464
Exploits: 0; References: 3; Affected Software: 1

RedHat Linux
added 2016/05/17 4:31 p.m.; 11 views

tomcat: Session fixation

A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests...

CVSS: 8.1; AI score: 7.2; EPSS: 0.10573
Exploits: 0; References: 5

RedHat Linux
added 2016/05/17 4:30 p.m.; 4 views

tomcat: Session fixation

A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests...

CVSS: 8.1; AI score: 7.2; EPSS: 0.10573
Exploits: 0; References: 5