Filtered by vendor
Subscriptions
Total
329 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-10318 | 1 F5 | 4 Nginx Api Connectivity Manager, Nginx Ingress Controller, Nginx Instance Manager and 1 more | 2024-11-08 | 5.4 Medium |
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session. | ||||
CVE-2024-48955 | 1 Netadmin | 1 Netadmin | 2024-11-01 | 8.1 High |
Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus, the return of this call is not encrypted and as the system does not validate the session authorization, an attacker can copy the content of the browser of a user with greater privileges having access to the functionalities of the user that the code was copied. | ||||
CVE-2024-48929 | 1 Umbraco | 1 Umbraco Cms | 2024-10-25 | 4.2 Medium |
Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue. | ||||
CVE-2024-10158 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 4.3 Medium |
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixiation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-8643 | 1 Oceanicsoft | 1 Valeapp | 2024-10-04 | 9.8 Critical |
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.This issue affects ValeApp: before v2.0.0. | ||||
CVE-2024-45368 | 1 Automationdirect | 1 H2-dm1e Firmware | 2024-09-14 | 8.8 High |
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication. | ||||
CVE-2024-42345 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-09-10 | 4.3 Medium |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi factor authentication for user session establishment. | ||||
CVE-2023-38018 | 1 Ibm | 1 Aspera Shares | 2024-08-29 | 6.3 Medium |
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574. | ||||
CVE-2018-4700 | 1 Redhat | 1 Enterprise Linux | 2023-11-07 | N/A |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage |