Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Low
Microsoft Office 365 Enterprise E3 Insufficient Session Expiration
09.07.2017
Micha Borrmann
CVEMAP Search Results
CVE
Details
Description
2020-02-07
Medium
CVE-2020-1768
Vendor:
OTRS
Software:
OTRS
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions.
2020-01-22
Low
CVE-2019-5647
Vendor:
Rapid7
Software:
Appspider
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215.
2020-01-14
Low
CVE-2020-0621
Vendor:
Microsoft
Software:
Windows 10
A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'.
2019-12-18
Medium
CVE-2019-11106
Vendor:
Intel
Software:
Converged se...
Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.
Medium
CVE-2019-8803
Vendor:
Apple
Software:
Ipados
An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to login to the account of a previously logged in user without valid credentials..
2019-11-19
Medium
CVE-2019-12421
Vendor:
Apache
Software:
NIFI
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi.
2019-11-14
Medium
CVE-2019-11168
Updating...
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.
2019-10-09
Medium
CVE-2019-17375
Vendor:
Cpanel
Software:
Cpanel
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
2019-09-22
Medium
CVE-2018-21018
Vendor:
Joinmastodon
Software:
Mastodon
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
2019-09-18
Medium
CVE-2019-5531
Vendor:
Vmware
Software:
Vcenter server
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user?s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.
Copyright
2020
, cxsecurity.com
Back to Top
