Total: 348 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-24332 | 1 Jetbrains | 1 Teamcity | 2024-08-03 | 5.3 Medium |
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. | ||||
CVE-2022-24341 | 1 Jetbrains | 1 Teamcity | 2024-08-03 | 7.5 High |
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. | ||||
CVE-2022-24042 | 1 Siemens | 8 Desigo Dxr2, Desigo Dxr2 Firmware, Desigo Pxc3 and 5 more | 2024-08-03 | 9.1 Critical |
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout. An attacker could be able to capture this token and re-use old session credentials or session IDs for authorization. | ||||
CVE-2022-23669 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-08-03 | 8.8 High |
A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
CVE-2022-23502 | 1 Typo3 | 1 Typo3 | 2024-08-03 | 5.4 Medium |
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, when users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1. | ||||
CVE-2022-22371 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-08-03 | 5.5 Medium |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate the session after a password change, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195. | ||||
CVE-2022-22283 | 1 Samsung | 1 Health | 2024-08-03 | 2.8 Low |
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out of the Samsung Health app. | ||||
CVE-2022-21652 | 1 Shopware | 1 Shopware | 2024-08-03 | 3.5 Low |
Shopware is an open source e-commerce software platform. In affected versions Shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can't be used to log in with said account. This also means that, upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue. | ||||
CVE-2022-4070 | 1 Librenms | 1 Librenms | 2024-08-03 | 9.8 Critical |
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0. | ||||
CVE-2022-3867 | 1 Hashicorp | 1 Nomad | 2024-08-03 | 2.7 Low |
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1: event stream subscribers using a token with a TTL keep receiving updates until the token is garbage-collected. Fixed in 1.4.2. | ||||
CVE-2022-3916 | 1 Redhat | 9 Enterprise Linux, Keycloak, Openshift Container Platform and 6 more | 2024-08-03 | 6.8 Medium |
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. | ||||
CVE-2022-3362 | 1 Ikus-soft | 1 Rdiffweb | 2024-08-03 | 9.8 Critical |
Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. | ||||
CVE-2022-2888 | 1 Octoprint | 1 Octoprint | 2024-08-03 | 4.4 Medium |
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists. | ||||
CVE-2022-2782 | 1 Octopus | 1 Octopus Server | 2024-08-03 | 9.1 Critical |
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. | ||||
CVE-2022-2713 | 1 Agentejo | 1 Cockpit | 2024-08-03 | 9.8 Critical |
Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. | ||||
CVE-2022-2306 | 1 Heroiclabs | 1 Nakama | 2024-08-03 | 7.5 High |
Old session tokens can be used to authenticate to the application and send authenticated requests. | ||||
CVE-2022-2064 | 1 Xgenecloud | 1 Nocodb | 2024-08-03 | 8.8 High |
Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. | ||||
CVE-2022-0991 | 1 Admidio | 1 Admidio | 2024-08-02 | 7.1 High |
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. | ||||
CVE-2023-50936 | 1 Ibm | 1 Powersc | 2024-08-02 | 6.3 Medium |
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116. | ||||
CVE-2023-49935 | 1 Schedmd | 1 Slurm | 2024-08-02 | 8.8 High |
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse. The fixed versions are 23.02.7 and 23.11.1. |
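Most entries in this table are the same weakness in three shapes: a logout that only deletes the client-side cookie (TeamCity CVE-2022-24332, PowerSC CVE-2023-50936), a password change that leaves earlier sessions alive (TeamCity CVE-2022-24341, TYPO3 CVE-2022-23502, IBM Sterling CVE-2022-22371, Shopware CVE-2022-21652), and tokens that never expire on their own (Desigo CVE-2022-24042, Octopus CVE-2022-2782, OctoPrint CVE-2022-2888). The following server-side session store is an added example written for this page, not code from any vendor listed above. It assumes an in-memory store, PBKDF2 for password hashing, a 15-minute idle timeout and an 8-hour absolute lifetime (all chosen for illustration), and an injectable clock so the expiry paths can be exercised without waiting. The Shopware fix is reproduced as a per-user credential version recorded in each session at issue time; the `walkthrough()` function replays each of the three failure modes against the store.

```python
"""Session store that closes the three gaps catalogued above (example code, not a vendor's)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

IDLE_TIMEOUT = 15 * 60        # assumed: seconds without a request before a session dies
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed: hard lifetime regardless of activity


@dataclass
class User:
    name: str
    salt: bytes
    password_hash: bytes
    credential_version: int = 0   # bumped on every password change


@dataclass
class Session:
    user: str
    credential_version: int       # version the session was issued under
    created: float
    last_seen: float


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library; prefer argon2/scrypt where available.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _token_key(token: str) -> str:
    # Keep only a digest of the bearer token so a leaked session table is not a set of logins.
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.clock = clock
        self.users: Dict[str, User] = {}
        self._sessions: Dict[str, Session] = {}

    def add_user(self, name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[name] = User(name, salt, _hash_password(password, salt))

    def login(self, name: str, password: str) -> Optional[str]:
        user = self.users.get(name)
        if user is None or not hmac.compare_digest(_hash_password(password, user.salt), user.password_hash):
            return None
        token = secrets.token_urlsafe(32)
        now = self.clock()
        self._sessions[_token_key(token)] = Session(name, user.credential_version, now, now)
        return token

    def authenticate(self, token: str) -> Optional[str]:
        """Return the user name for a live session, else None (and drop the dead record)."""
        key = _token_key(token)
        sess = self._sessions.get(key)
        if sess is None:
            return None
        now = self.clock()
        user = self.users.get(sess.user)
        dead = (
            user is None                                           # account removed
            or sess.credential_version != user.credential_version  # password changed since issue
            or now - sess.last_seen > IDLE_TIMEOUT
            or now - sess.created > ABSOLUTE_TIMEOUT
        )
        if dead:
            del self._sessions[key]
            return None
        sess.last_seen = now
        return sess.user

    def logout(self, token: str) -> None:
        # Expiring the cookie in the browser is not enough; the server-side record must go.
        self._sessions.pop(_token_key(token), None)

    def change_password(self, name: str, new_password: str) -> None:
        user = self.users[name]
        user.salt = secrets.token_bytes(16)
        user.password_hash = _hash_password(new_password, user.salt)
        user.credential_version += 1   # every session issued before this call is now rejected


def walkthrough() -> dict:
    """Replay the failure modes from the table against the store with a fake clock."""
    now = [1_700_000_000.0]
    store = SessionStore(clock=lambda: now[0])
    store.add_user("alice", "correct horse")   # constructed sample account
    out = {}
    # 1. A captured cookie must be useless once the user logs out.
    t = store.login("alice", "correct horse")
    store.logout(t)
    out["reuse_after_logout"] = store.authenticate(t)
    # 2. A password change must terminate sessions issued under the old password.
    old = store.login("alice", "correct horse")
    store.change_password("alice", "battery staple")
    out["old_session_after_pw_change"] = store.authenticate(old)
    out["new_login_after_pw_change"] = store.authenticate(store.login("alice", "battery staple"))
    # 3. A token must die on its own after the idle timeout, and after the absolute timeout
    #    even if an attacker keeps it active.
    t = store.login("alice", "battery staple")
    now[0] += IDLE_TIMEOUT + 1
    out["after_idle_timeout"] = store.authenticate(t)
    t = store.login("alice", "battery staple")
    start, kept_alive = now[0], True
    while now[0] - start < ABSOLUTE_TIMEOUT:
        now[0] += IDLE_TIMEOUT // 2
        kept_alive = kept_alive and store.authenticate(t) == "alice"
    out["kept_alive_until_absolute"] = kept_alive
    now[0] += 1
    out["after_absolute_timeout"] = store.authenticate(t)
    return out


if __name__ == "__main__":
    for check, result in walkthrough().items():
        print(f"{check}: {result!r}")
```

The credential version is the detail that separates a real fix from a cosmetic one: if sessions are keyed only by a random identifier, a password reset cannot find and revoke them without a scan, whereas a version stamped into each session at issue time makes the comparison a single integer check on every request. The same stamp also covers the case where the attacker, not the victim, holds the live session at the moment of the reset.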