Lucene search
K

133 matches found

Veracode
Veracode
added 2025/01/13 1:47 a.m.7 views

Cross-Site Scripting (XSS)

Trix is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of the link field, allowing attackers to trick users into pasting a malicious javascript: URL, which could execute arbitrary JavaScript code within the user's session...

5.3CVSS6.5AI score0.00407EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-32144

Name of the Vulnerable Software and Affected Versions CIRCL affected versions not specified Description A flaw exists in CIRCL’s implementation of the FourQ elliptic curve. This issue allows an attacker to compromise session security through low-order point injection and incorrect point validatio...

3.7CVSS6.6AI score0.00485EPSS
Exploits0References27
OSV
OSV
added 2024/11/05 7:15 p.m.22 views

PYSEC-2024-202

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

6.5CVSS6.3AI score0.00282EPSS
Exploits0References1
OSV
OSV
added 2024/09/02 12:15 p.m.17 views

CVE-2024-5148

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and...

7.5CVSS7AI score0.00569EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/13 1:20 p.m.37 views

CVE-2024-35049

SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590...

6.8AI score0.0073EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/13 1:20 p.m.12 views

CVE-2024-35049

SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590...

7.2AI score0.0073EPSS
Exploits1References1
OSV
OSV
added 2023/12/12 5:15 p.m.5 views

DEBIAN-CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

7.5CVSS7.3AI score0.00618EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/15 8:17 p.m.19 views

CVE-2023-41900 Jetty's OpenId Revoked authentication allows one request

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...

3.5CVSS7.2AI score0.00753EPSS
Exploits1References5
OSV
OSV
added 2023/07/17 10:15 p.m.14 views

CVE-2023-3724

If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...

8.8CVSS7.3AI score
Exploits0References2
Debian CVE
Debian CVE
added 2023/07/17 9:13 p.m.28 views

CVE-2023-3724

If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...

9.1CVSS8.7AI score0.00541EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.3 views

SUSE CVE-2010-0161

The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service heap memory corruption and applicatio...

4.3CVSS8.2AI score0.0167EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/01/27 12:0 a.m.6 views

Apache::Session::LDAP 信任管理问题漏洞

Apache::Session::LDAP is a tool for storing Apache sessions in LDAP. A security vulnerability exists in Apache::Session::LDAP versions prior to 0.5 that stems from not checking the validity of an X.509 certificate...

8.1CVSS7.5AI score0.00441EPSS
Exploits0References4
PyPA
PyPA
added 2022/09/21 5:15 p.m.7 views

PYSEC-2022-287

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...

5.3CVSS6.8AI score0.00396EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/06/30 5:15 p.m.3 views

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

6.5CVSS6.4AI score0.0039EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.7 views

IBM Spectrum Protect Server 安全特征问题漏洞

IBM Spectrum Protect Server is a spectrum protection system from IBM USA, Inc. providing comprehensive data resiliency for physical file servers, virtual environments, and a wide range of applications.IBM Spectrum Protect Server versions 8.1.0.000 through 8.1.14 have a security feature issue...

6.5CVSS5.5AI score0.0039EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/29 8:16 p.m.41 views

Security Bulletin: IBM Spectrum Protect Server vulnerable to offline dictionary and brute force attacks (CVE-2022-22496, CVE-2022-22487)

Summary The IBM Spectrum Protect Server is vulnerable to an offline dictionary attack when using SESSIONSECURITY=TRANSITIONAL. The IBM Spectrum Protect Storage agent is vulnerable to a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrati...

9.8CVSS1.1AI score0.0139EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/29 12:0 a.m.7 views

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

6.5CVSS6.2AI score0.0039EPSS
Exploits0References3Affected Software1
Atlassian
Atlassian
added 2022/03/11 1:55 p.m.23 views

Jira does not invalidate session after a password change

When a user changes their username via the UI the session cookie is not invalidated. For security purposes, all sessions should be invalidated and require the user to sign back in with the new password...

2.7AI score
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.7 views

Mageia: Security Advisory (MGASA-2021-0383)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References6
OSV
OSV
added 2021/07/27 8:21 p.m.5 views

MGASA-2021-0383 Updated perl-Mojolicious package fixes security vulnerability

This update backports some significant security fixes relating to session security from the upstream 9.19 release. See upstream references for more informations...

7.2AI score
Exploits0References5
Rows per page
Query Builder