GHSA-2CC5-23R7-VC4V Ratpack's default client side session signing key is highly predictable
Impact: The client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with...
CVE-2021-29481
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...
CVE-2021-29480
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is n...
Ratpack security vulnerability
Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in Ratpack versions prior to 1.9.0. It stems from the default client-side session configuration, which sets unencrypted but signed data as a cookie value. An attacker could exploit th...
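The following Python model is an added illustration of the two weaknesses the Ratpack entries above describe; it is not code from the Ratpack project or its advisories. It shows, first, that a signing key derived from the process startup time can be recovered by an attacker who knows roughly when the service started, simply by trying candidate timestamps against one captured cookie and then re-signing tampered session data, and second, that a signed-but-unencrypted payload is readable by anyone holding the cookie. The cookie layout (base64url JSON, a dot, base64url HMAC-SHA256), the millisecond-timestamp key derivation, and all function names are assumptions made for the example, not Ratpack's actual serialization format or API. The hardened variant swaps in a random 256-bit key so the same timestamp search finds nothing.

```python
"""Constructed model of a startup-time signing key. Not Ratpack's code or format."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def startup_time_key(startup_ms: int) -> bytes:
    """Weak default, modeled on the advisory: the key is the server's start time in ms."""
    return str(startup_ms).encode()


def random_key() -> bytes:
    """Hardened alternative: 256 bits from the OS CSPRNG, generated once and configured."""
    return secrets.token_bytes(32)


def sign_session(data: dict, key: bytes) -> str:
    """Assumed cookie layout: base64url(JSON) '.' base64url(HMAC-SHA256(key, JSON))."""
    payload = json.dumps(data, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(mac)


def verify_session(cookie: str, key: bytes) -> Optional[dict]:
    """Server side: constant-time MAC check, then decode. None on a bad signature."""
    payload_b64, mac_b64 = cookie.split(".", 1)
    payload = _unb64(payload_b64)
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(mac_b64)):
        return None
    return json.loads(payload)


def read_session_without_key(cookie: str) -> dict:
    """Signed but unencrypted: the payload is plain JSON to whoever holds the cookie."""
    return json.loads(_unb64(cookie.split(".", 1)[0]))


def recover_startup_key(cookie: str, approx_start_ms: int, window_ms: int) -> Optional[bytes]:
    """Attacker side: try every millisecond in a window around the guessed startup time."""
    payload_b64, mac_b64 = cookie.split(".", 1)
    payload, mac = _unb64(payload_b64), _unb64(mac_b64)
    for t in range(approx_start_ms - window_ms, approx_start_ms + window_ms + 1):
        candidate = startup_time_key(t)
        if hmac.compare_digest(hmac.new(candidate, payload, hashlib.sha256).digest(), mac):
            return candidate
    return None


def forge_session(cookie: str, key: bytes, **changes) -> str:
    """Attacker side: read the plaintext session, alter fields, re-sign with the recovered key."""
    data = read_session_without_key(cookie)
    data.update(changes)
    return sign_session(data, key)


def demo() -> dict:
    start_ms = 1_617_000_000_000  # constructed startup time, ms since the epoch
    weak_key = startup_time_key(start_ms)
    cookie = sign_session({"user": "alice", "role": "user"}, weak_key)

    # Attacker knows the service restarted within about a minute of this guess.
    recovered = recover_startup_key(cookie, start_ms + 17_000, window_ms=60_000)
    forged = forge_session(cookie, recovered, role="admin") if recovered else None

    # Hardened: same cookie scheme, random key; the timestamp search comes up empty.
    strong_cookie = sign_session({"user": "alice", "role": "user"}, random_key())
    still_recovered = recover_startup_key(strong_cookie, start_ms, window_ms=60_000)

    return {
        "leaked_plaintext": read_session_without_key(cookie),
        "key_recovered": recovered == weak_key,
        "forged_accepted": verify_session(forged, weak_key) if forged else None,
        "strong_key_recovered": still_recovered is not None,
    }


if __name__ == "__main__":
    print(demo())
```

A random key stops the forgery, but it does not stop the read: `read_session_without_key` works against the hardened cookie just as well, which is why the advisories recommend turning on encryption in addition to signing.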
CVE-2021-29963
Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 89...
UBUNTU-CVE-2021-29963
Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 89...
CVE-2021-31769
CVE-2021-31769 affects MyQ X Smart prior to 8.2. The vulnerability allows remote code execution because administrative session data can be read from %PROGRAMFILES%\MyQ\PHP\Sessions, and the non‑administration‑restricted “Select server file” feature enables attackers to inject arbitrary OS command...
Nextcloud Talk Authorization Issue Vulnerability (CNVD-2021-44989)
Nextcloud Talk is a self-hosted audio/video and chat communication service from the German company Nextcloud. An authorization vulnerability exists in Nextcloud Talk: the session cookie data is not changed after authentication information in Talk is changed. No details of the vulnerability a...
CVE-2021-21490
SAP NetWeaver AS for ABAP Web Survey, versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current...
SAP NetWeaver AS ABAP Business Server cross-site scripting vulnerability
SAP NetWeaver is a service-oriented integration and application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver AS for ABAP, which can be exploited by an attacker ...
Mozilla Firefox Data Forgery Vulnerability (CNVD-2021-54703)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a data forgery issue that stems from address bar search suggestions in private browsing mode reusing session data from normal mode, which can be exploited by remote attackers to...
Shared Cookie
Firefox uses a shared cookie. The vulnerability exists because address bar search suggestions in private browsing mode reuse session data from normal mode...
GO-2021-0084 Incorrect permissions for critical resource in github.com/astaxie/beego
Session data is stored using permissive permissions, allowing local users with filesystem access to read arbitrary data...
PYSEC-2021-113
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channe...
Brocade Fabric OS Encryption Issue Vulnerability
Brocade Fabric OS (FOS) is the embedded operating system used in switches, routers and similar devices from the US company Brocade. Brocade Fabric OS has a cryptographic weakness that can be exploited by an attacker acting as a man-in-the-middle to read and write data within a session...
Sonicwall SMA100 SQL Injection Vulnerability
The SonicWall SMA100 is a secure access gateway appliance from SonicWall, Inc. A SQL injection vulnerability exists in the SonicWall SSLVPN SMA100 product, which allows a remote, unauthenticated attacker to execute a SQL query to access usernames, passwords and other session-related information...