Lucene search
K

403 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:27 a.m.18 views

CVE-2022-4873

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location...

9.8CVSS7.4AI score0.0717EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.9 views

CVE-2021-3304

Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI...

9.8CVSS7.6AI score0.01261EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:42 p.m.7 views

CVE-2020-5224

In Django User Sessions django-user-sessions before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the...

8.8CVSS5.9AI score0.00439EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:9 p.m.6 views

CVE-2020-11728

An issue was discovered in DAViCal Andrew's Web Libraries AWL through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time and the incrementing sessionid can impersonate a session...

7.5CVSS6.7AI score0.01588EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:13 a.m.6 views

CVE-2010-3323

Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKDSESSIONKEY parameter...

4.6CVSS7AI score0.00762EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:11 p.m.7 views

CVE-2006-4943

course/jumpto.php in Moodle before 1.6.2 does not validate the session key sesskey before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter...

5CVSS6.6AI score0.01241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/05 10:18 a.m.19 views

CVE-2024-58135

Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and used for authenticating and protecting...

6.2CVSS5.1AI score0.00473EPSS
Exploits1References10
CVE
CVE
added 2025/05/03 10:16 a.m.88 views

CVE-2024-58135

Mojolicious (Perl) vulnerability CVE-2024-58135: default app skeleton generation using mojo generate app writes a weak HMAC session secret via the insecure rand() function, enabling potential brute-forcing of session keys. Affected: Mojolicious versions from 7.28 for Perl (and related 0.999922–9....

5.3CVSS6.3AI score0.00473EPSS
Exploits1References13Affected Software1
Cvelist
Cvelist
added 2025/05/03 10:16 a.m.33 views

CVE-2024-58135 Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

0.00473EPSS
Exploits1References13
Packet Storm
Packet Storm
added 2025/03/31 12:0 a.m.203 views

Solstice Pod 5.5 / 6.2 Information Disclosure

Solstice Pod versions 5.5 and 6.2 expose sensitive information such as the session key, server version, product details, and display name via an unauthenticated API. Exploit Title: Solstice Pod API Session Key Extraction via API Endpoint Google Dork: N/A Date: 1/17/2025 Exploit Author: The Baldwi...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/15 8:10 a.m.25 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

8.8CVSS7.2AI score0.00594EPSS
Exploits1References1
NVD
NVD
added 2025/03/13 5:15 p.m.9 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

8.8CVSS0.00594EPSS
Exploits1References2
OSV
OSV
added 2025/03/13 12:0 a.m.5 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

8.8CVSS7AI score0.00594EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/13 12:0 a.m.9 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

6.9AI score0.00594EPSS
Exploits1References2
CVE
CVE
added 2025/03/13 12:0 a.m.54 views

CVE-2024-53406

CVE-2024-53406 affects Espressif ESP-IDF v5.3.0. The issue is described as insecure permissions that enable authentication bypass, with the reconnection phase reusing a prior session key, creating a foothold for security bypass attacks. The documented CVSS v3.1 base score is 8.8 (HIGH) with netwo...

8.8CVSS7.4AI score0.00594EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/03/13 12:0 a.m.20 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

0.00594EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-45287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but...

7.5CVSS6.7AI score0.0125EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2017-2625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could...

6.5CVSS6.4AI score0.00534EPSS
Exploits3References2
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.4 views

Qualcomm Chipsets 授权问题漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An authorization issue vulnerability exists in Qualcomm Chipsets that stems from information disclosure during session key derivation...

5.5CVSS6.2AI score0.00101EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 9:35 p.m.9 views

CVE-2022-24400

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...

7.5CVSS6.4AI score0.0027EPSS
Exploits0References1
Rows per page
Query Builder