
184 matches found

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-27460

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.6 | EPSS 0.54026
Exploits: 0 | References: 8

Tenable Nessus
added 2025/08/20 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-35472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many...

CVSS 8.8 | AI score 7.3 | EPSS 0.01679
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 11:42 p.m. | 7 views

CVE-2022-41236

A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified repor...

CVSS 8.8 | AI score 6.5 | EPSS 0.00372
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:36 p.m. | 4 views

CVE-2021-35472

An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users...

CVSS 8.8 | AI score 7.2 | EPSS 0.01679
Exploits: 1 | References: 1

Tenable Nessus
added 2025/03/28 12:0 a.m. | 25 views

Amazon Linux 2 : nginx (ALASNGINX1-2025-008)

The version of nginx installed on the remote host is prior to 1.26.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-008 advisory. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to...

CVSS 5.3 | AI score 5.6 | EPSS 0.02557
Exploits: 0 | References: 4

Amazon
added 2025/03/26 12:0 a.m. | 4 views

Medium: nginx

Issue Overview: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 7.3 | EPSS 0.02557
Exploits: 0

Amazon
added 2025/02/21 12:0 a.m. | 5 views

Medium: nginx

Issue Overview: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 7.2 | EPSS 0.02557
Exploits: 0

SUSE CVE
added 2025/02/14 3:49 a.m. | 4 views

SUSE CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 4.3 | AI score 6 | EPSS 0.02557
Exploits: 0 | References: 7

RedhatCVE
added 2025/02/07 9:13 a.m. | 14 views

CVE-2025-23419

A flaw was found in nginx. When name-based virtual hosts are configured to share the same IP address and port combination with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...

CVSS 4.3 | AI score 4.7 | EPSS 0.02557
Exploits: 0 | References: 4

OSV
added 2025/02/07 7:15 a.m. | 32 views

BIT-NGINX-2025-23419 TLS Session Resumption Vulnerability

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 4.9 | EPSS 0.02557
Exploits: 0 | References: 4

OSV
added 2025/02/05 6:15 p.m. | 9 views

AZL-56492 CVE-2025-23419 affecting package nginx for versions less than 1.25.4-3

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 6.7 | EPSS 0.02557
Exploits: 0 | References: 1

OSV
added 2025/02/05 6:15 p.m. | 25 views

CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 6.9
Exploits: 0 | References: 3

OSV
added 2025/02/05 6:15 p.m. | 6 views

UBUNTU-CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 6.9 | EPSS 0.02557
Exploits: 0 | References: 5

Vulnrichment
added 2025/02/05 5:31 p.m. | 23 views

CVE-2025-23419 TLS Session Resumption Vulnerability

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 5 | EPSS 0.02557
Exploits: 0 | References: 1

AlpineLinux
added 2025/02/05 5:31 p.m. | 22 views

CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 7.4 | EPSS 0.02557
Exploits: 0 | References: 3

Cvelist
added 2025/02/05 5:31 p.m. | 51 views

CVE-2025-23419 TLS Session Resumption Vulnerability

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | EPSS 0.02557
Exploits: 0 | References: 1

Debian CVE
added 2025/02/05 5:31 p.m. | 9 views

CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 6.5 | EPSS 0.02557
Exploits: 0

Positive Technologies
added 2025/02/05 12:0 a.m. | 18 views

PT-2025-5738

Name of the Vulnerable Software and Affected Versions: nginx versions 1.11.4 through 1.27.31; nginx version 1.26.3; nginx version 1.27.4. Description: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate...

CVSS 5.3 | AI score 8.3 | EPSS 0.02557
Exploits: 0 | References: 157

RedHat Linux
added 2024/11/12 9:22 a.m. | 2 views

openssl: Unbounded memory growth with session handling in TLSv1.3

A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured...

CVSS 5.9 | AI score 7.2 | EPSS 0.54026
Exploits: 0 | References: 5

OSV
added 2024/10/14 9:7 p.m. | 4 views

GHSA-R7M4-F9H5-GR79 Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks

Impact: Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server's memory. Patches: https://github.com/jetty/jetty.project/pull/9715 https://github.com/jetty/jetty.project/pull/9716 Workarounds: The session usage is intrinsic to the...

CVSS 3.1 | AI score 7 | EPSS 0.00949
Exploits: 0 | References: 9