Total
348 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0721 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2024-08-05 | N/A |
| Session fixation vulnerability in pcsd in pcs before 0.9.157. | ||||
| CVE-2017-1000131 | 1 Mahara | 1 Mahara | 2024-08-05 | N/A |
| Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions. | ||||
| CVE-2017-1000135 | 1 Mahara | 1 Mahara | 2024-08-05 | N/A |
| Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended. | ||||
| CVE-2017-1000136 | 1 Mahara | 1 Mahara | 2024-08-05 | N/A |
| Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change. | ||||
| CVE-2017-18905 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. | ||||
| CVE-2017-15653 | 1 Asus | 1 Asuswrt | 2024-08-05 | N/A |
| Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. | ||||
| CVE-2024-29401 | 2024-08-05 | 9.8 Critical | ||
| xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything. | ||||
| CVE-2017-14007 | 1 Prominent | 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware | 2024-08-05 | N/A |
| An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization. | ||||
| CVE-2017-12867 | 1 Simplesamlphp | 1 Simplesamlphp | 2024-08-05 | N/A |
| The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. | ||||
| CVE-2017-12191 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-08-05 | N/A |
| A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to. | ||||
| CVE-2017-6529 | 1 Dnatools | 1 Dnalims | 2024-08-05 | N/A |
| An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter. | ||||
| CVE-2017-3215 | 1 Milwaukee | 1 One-key | 2024-08-05 | N/A |
| The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions. | ||||
| CVE-2018-21018 | 1 Joinmastodon | 1 Mastodon | 2024-08-05 | 9.8 Critical |
| Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. | ||||
| CVE-2018-11386 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2024-08-05 | N/A |
| An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources. | ||||
| CVE-2018-10990 | 1 Commscope | 2 Arris Tg1682g, Arris Tg1682g Firmware | 2024-08-05 | 8.0 High |
| On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser. | ||||
| CVE-2018-7758 | 1 Schneider-electric | 46 Micom P141, Micom P141 Firmware, Micom P142 and 43 more | 2024-08-05 | N/A |
| A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number. | ||||
| CVE-2018-6634 | 3 Canonical, Microsoft, Parsecgaming | 3 Ubuntu Linux, Windows, Parsec | 2024-08-05 | N/A |
| A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account. | ||||
| CVE-2018-5438 | 1 Philips | 1 Intellispace Cardiovascular | 2024-08-05 | N/A |
| Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mode for multiple users and using Windows authentication. This may allow an attacker to gain unauthorized access to patient health information and potentially modify this information. | ||||
| CVE-2018-2451 | 1 Sap | 1 Hana Extended Application Services | 2024-08-05 | N/A |
| XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed. | ||||
| CVE-2018-1127 | 1 Redhat | 2 Gluster Storage, Storage | 2024-08-05 | N/A |
| Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user. | ||||