
809 matches found

SUSE CVE
added 2023/02/15 5:50 a.m. · 3 views

SUSE CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

CVSS 5.8 · AI score 6.9 · EPSS 0.02284
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:45 a.m. · 2 views

SUSE CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

CVSS 4.3 · AI score 7 · EPSS 0.02447
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 5:06 a.m. · 3 views

SUSE CVE-2016-2111

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...

CVSS 6.3 · AI score 7.5 · EPSS 0.02926
Exploits 0 · References 15

SUSE CVE
added 2023/02/15 4:59 a.m. · 2 views

SUSE CVE-2016-6625

An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to...

CVSS 4.3 · AI score 7 · EPSS 0.01086
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 3:51 a.m. · 3 views

SUSE CVE-2020-35681

Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...

CVSS 7.4 · AI score 6.5 · EPSS 0.02658
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 3:42 a.m. · 1 view

SUSE CVE-2021-29963

Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 89...

CVSS 4.3 · AI score 8.5 · EPSS 0.00331
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 3:28 a.m. · 5 views

SUSE CVE-2022-23131

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to...

CVSS 9.8 · AI score 9.9 · EPSS 0.95683
Exploits 9 · References 3

OSV
added 2023/02/13 6:15 p.m. · 2 views

CVE-2023-23553

Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker...

CVSS 6.1 · AI score 5.7 · EPSS 0.00392
Exploits 0 · References 1

OSV
added 2023/01/26 9:15 p.m. · 2 views

CVE-2022-31711

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...

CVSS 5.3 · AI score 5.8 · EPSS 0.21657
Exploits 3 · References 2

CNNVD
added 2023/01/26 12:00 a.m. · 3 views

Tenable.sc Code Issue Vulnerability

Tenable Network Security Tenable.sc is a vulnerability analysis solution from Tenable Network Security, USA. The product supports real-time vulnerability assessment and management, among other things. A security vulnerability exists in versions of Tenable.sc prior to 6.0.0 that stems from imprope...

CVSS 6.5 · AI score 6.5 · EPSS 0.00892
Exploits 0 · References 2

Positive Technologies
added 2022/12/16 12:00 a.m. · 3 views

PT-2022-26472 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel. Description: The issue is related to a possible out of bounds write in the EmbmsSessionData::encode function due to a missing bounds check. This could lead to local escalation of privilege, requiring System execution privileges...

CVSS 6.7 · AI score 6.5 · EPSS 0.00119
Exploits 0 · References 2

OSV
added 2022/12/13 4:15 p.m. · 4 views

CVE-2022-46354

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected...

CVSS 5.3 · AI score 5.7 · EPSS 0.00677
Exploits 0 · References 1

Positive Technologies
added 2022/12/13 12:00 a.m. · 5 views

PT-2022-27837 · Siemens · Scalance X204Rna Eec +1

Name of the Vulnerable Software and Affected Versions: SCALANCE X204RNA HSR versions prior to V3.2.7; SCALANCE X204RNA PRP versions prior to V3.2.7; SCALANCE X204RNA EEC HSR versions prior to V3.2.7; SCALANCE X204RNA EEC PRP versions prior to V3.2.7; SCALANCE X204RNA EEC PRP/HSR versions prior to...

CVSS 5.3 · AI score 5.1 · EPSS 0.00677
Exploits 0 · References 2

CNNVD
added 2022/12/13 12:00 a.m. · 4 views

Siemens SCALANCE Series Security Vulnerability

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to a specific security header missing from the affected device's web server...

CVSS 5.3 · AI score 6.6 · EPSS 0.00677
Exploits 0 · References 3

CNNVD
added 2022/12/05 12:00 a.m. · 3 views

Security Vulnerability in Multiple Kyocera Products

The Kyocera ECOSYS Series and Kyocera FS Series are both a series of printers from Kyocera, Japan. A security vulnerability exists in the Kyocera MFP 4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN versions, which stems from the presence of session information in the printers...

CVSS 6.5 · AI score 6.4 · EPSS 0.00588
Exploits 0 · References 4

CNNVD
added 2022/11/28 12:00 a.m. · 2 views

slixmpp Trust Management Issue Vulnerability

slixmpp is an open source, Python-based XMPP (Extensible Messaging and Presence Protocol) library. A security vulnerability exists in slixmpp. An attacker exploiting this vulnerability could read or write data in a session...

CVSS 7.5 · AI score 7.2 · EPSS 0.00469
Exploits 0 · References 8

Veracode
added 2022/10/21 1:37 p.m. · 20 views

Information Disclosure

github.com/relatedcode/messenger is vulnerable to information disclosure. The vulnerability exists because the application exposes the session data of its users to the public, which allows an attacker to access sensitive data of any user in the application...

CVSS 6.5 · AI score 6 · EPSS 0.00793
Exploits 1 · References 4 · Affected Software 1

CNNVD
added 2022/10/17 12:00 a.m. · 2 views

IBM WebSphere Application Server Security Vulnerability

IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WebSphere...

CVSS 5.9 · AI score 6.1 · EPSS 0.00475
Exploits 0 · References 5

Vulnerability Lab
added 2022/10/10 12:00 a.m. · 285 views

Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities

Document Title: Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2311. Release Date: 2022-10-10. Vulnerability Laboratory ID (VL-ID): 23...

AI score 7.4
Exploits 0

OSV
added 2022/08/24 4:15 p.m. · 1 view

CVE-2022-2569

The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users...

CVSS 5.5 · AI score 5.8 · EPSS 0.0013
Exploits 0 · References 1