CVE-2025-1412 Session Persistence After User-to-Bot Conversion
Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, which allows the converted user to escalate their privileges depending on the permissions granted to the bot...
ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability
ABB Cylon FLXeon version 9.3.4 has an issue where user sessions on controllers remain active for up to seven days, even after a client-side logout. ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FB...
ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
PT-2024-35375 · Jenkins · Jenkins Openid Connect Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenId Connect Authentication Plugin versions 4.418.vccc7061f5b 6d and earlier Description: The issue arises because the plugin does not invalidate the previous session on login, allowing attackers to potentially use social engineerin...
RHEL 8 : jbossweb (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: deserialization flaw in session persistence storage leading to RCE CVE-2020-9484 Note that Nessus has not...
PT-2024-40534 · Packagist · Typo3/Cms-Core
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue allows existing sessions for a user account to remain active even after the user changes their password. To exploit this, an attacker would need a valid user account, either...
CVE-2024-35049
SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590...
SurveyKing Security Vulnerability
SurveyKing is a powerful questionnaire system and exam system for javahuang individual developers. A security vulnerability exists in SurveyKing v1.3.1, which stems from the ability to keep a session active after a user logs out...
A vulnerability in the Redmine project and task management web application relates to incorrect session expiration times, allowing attackers to continue using existing user sessions after two-factor authentication is enabled.
The vulnerability of the Redmine project and task management web application is related to an incorrect session expiration time. Exploiting this vulnerability allows a malicious actor to continue existing user sessions after two-factor authentication is enabled...
CVE-2023-41041 User session is still usable after logout in graylog2-server
Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. Upon a cache-miss,...
CLSA-2023-1691083477 Fix CVE(s): CVE-2021-25329, CVE-2022-23181, CVE-2020-9484
SECURITY UPDATE: Remote Code Execution via session persistence - debian/patches/CVE-2020-9484.patch: Improve validation of storage location when using FileStore. - CVE-2020-9484 SECURITY UPDATE: Fix for CVE-2020-9484 was incomplete - debian/patches/CVE-2021-25329-pre1.patch: Fix some edge cases...
PT-2023-26469 · Kirby · Kirby
Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.5.8.3 Kirby versions prior to 3.6.6.3 Kirby versions prior to 3.7.5.2 Kirby versions prior to 3.8.4.1 Kirby versions prior to 3.9.6 Description: The issue affects all Kirby sites with user accounts, unless Kirby's AP...
SUSE CVE-2023-32318
Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous...
CVE-2023-22771
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account...
K58084500: Apache Tomcat 6.x vulnerabilities CVE-2016-0714
Security Advisory Description The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute...
SUSE CVE-2014-1586
content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME...
SUSE CVE-2016-0714
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...