41 matches found
ZenML Code Issue Vulnerability
ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A code issue vulnerability exists in ZenML version 0.56.3 that stems from an insufficient session validity period. An attacker exploiting this vulnerability could reuse old sessi...
The vulnerability of the Fortinet FortiDeceptor tool for detecting and responding to external and internal security threats is related to the incorrect validity period of the session. This allows attackers to escalate their privileges.
The vulnerability of the Fortinet FortiDeceptor tool for detecting and responding to external and internal security threats is related to the incorrect duration of the session. Exploiting this vulnerability allows a remote attacker to enhance their privileges by using the session identifier...
Improper Privilege Management in Gitea
An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse...
in cortezaproject/corteza-server
Set up the cortezaproject in your local machine. Steps: -------- 1. Create the account on corteza 2. Login using same credentials from chrome and firefox. 3. Change user password from chrome. 4. Perform any activity in Firefox the session is still valid. Mitigation: --------------- After changing...
Invigo Automatic Device Management Session Validity Check Vulnerability
Invigo Automatic Device Management (ADM) is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A session validity check vulnerability exists in several management functions in...
CVE-2020-10581
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application...
CVE-2020-10581
Invigo Automatic Device Management (ADM) up to version 5.0 contains multiple session validity check issues in several administration functions. The Red Hat/CVE, NVD, CNVD, CVE listings and related advisories describe a vulnerability that could allow remote attackers to read potentially sensitive ...
Invigo Automatic Device Management Security Vulnerability
Invigo Automatic Device Management (ADM) is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A session validity check vulnerability exists in several management functions in...
Authentication Bypass
Centreon is susceptible to authentication bypass. The vulnerability exists because it uses host macros which do not correctly check session validity using session ID, leading to bypass of authentication...
CVE-2019-10136
It was found that Spacewalk did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...
SUSE-SU-2019:1789-1 Security update for SUSE Manager Server 4.0
This update fixes the following issues: spacewalk-backend: - Do not duplicate 'http://' protocol when using proxies with 'deb' repositories bsc1138313 - Fix reposync when dealing with RedHat CDN bsc1138358 - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of heade...
Insecure Signature Validation
Spacewalk uses insecure authentication signature validation. The client token checksums are not properly computed, which would allow an attacker to extend session validity by modifying the authenticated header set without modifying the checksum...
CVE-2019-10136
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...
Design/Logic Flaw
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...
spacewalk: Insecure computation of authentication signatures during user authentication
It was found that Spacewalk did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...
CVE-2018-2451
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...
Pivotal Cloud Foundry Multiple Product Design Vulnerabilities
Pivotal Cloud Foundry (PCF) Runtime cf-release and others are products of Pivotal Software, Inc. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release of PCF. UAA i...
Buffalo LinkStation authentication bypass
Session validity is not checked on request...