805 matches found
SUSE CVE-2020-35681
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
SUSE CVE-2021-29963
Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 89...
SUSE CVE-2022-23131
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to...
CVE-2023-23553
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker...
CVE-2022-31711
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...
Tenable.sc Code Issue Vulnerability
Tenable Network Security Tenable.sc is a vulnerability analysis solution from Tenable Network Security, USA. The product supports real-time vulnerability assessment and management, among other things. A security vulnerability exists in versions of Tenable.sc prior to 6.0.0 that stems from imprope...
PT-2022-26472 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the EmbmsSessionData::encode function due to a missing bounds check. This could lead to local escalation of privilege, requiring System execution privileges...
CVE-2022-46354
A vulnerability has been identified in SCALANCE X204RNA HSR All versions V3.2.7, SCALANCE X204RNA PRP All versions V3.2.7, SCALANCE X204RNA EEC HSR All versions V3.2.7, SCALANCE X204RNA EEC PRP All versions V3.2.7, SCALANCE X204RNA EEC PRP/HSR All versions V3.2.7. The webserver of an affected...
PT-2022-27837 · Siemens · Scalance X204Rna Eec +1
Name of the Vulnerable Software and Affected Versions: SCALANCE X204RNA HSR versions prior to V3.2.7 SCALANCE X204RNA PRP versions prior to V3.2.7 SCALANCE X204RNA EEC HSR versions prior to V3.2.7 SCALANCE X204RNA EEC PRP versions prior to V3.2.7 SCALANCE X204RNA EEC PRP/HSR versions prior to...
Siemens SCALANCE Series Security Vulnerability
The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to a specific security header missing from the affected device's web server...
Security Vulnerability in Multiple Kyocera Products
The Kyocera ECOSYS Series and Kyocera FS Series are both a series of printers from Kyocera, Japan. A security vulnerability exists in the Kyocera MFP 4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN versions, which stems from the presence of session information in the printers...
slixmpp Trust Management Issue Vulnerability
slixmpp is an open source, Python-based XMPP (Extensible Messaging and Presence Protocol) library. A security vulnerability exists in slixmpp. An attacker exploiting this vulnerability could read or write data in a session...
Information Disclosure
github.com/relatedcode/messenger is vulnerable to information disclosure. The vulnerability exists because application exposes the session data of the users of the application to the public which allows an attacker to access sensitive data of any user in the application...
IBM WebSphere Application Server Security Vulnerability
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WebSphere...
Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities
Document Title: Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2311. Release Date: 2022-10-10. Vulnerability Laboratory ID (VL-ID): 23...
CVE-2022-2569
The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users...
CVE-2022-2569 ARC Informatique PcVue
The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users...
PT-2022-17465 · Arc Informatique · Pcvue 12 Oauth Web Service Configuration +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue allows an authenticated user to potentially access session data stored in the OAuth database belonging to legitimate users, as sensitive information is stored in cleartext...
ARC Informatique PcVue Security Vulnerability
ARC Informatique PcVue is a multi-functional HMI-SCADA software from ARC Informatique, an all-in-one solution that monitors all aspects of a customer's assets. PcVue is used in a wide range of applications such as industrial control, building management, energy management, smart grid, energy...