Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Low
Microsoft Office 365 Enterprise E3 Insufficient Session Expiration
09.07.2017
Micha Borrmann
CVEMAP Search Results
CVE
Details
Description
2020-06-22
Medium
CVE-2020-6644
Vendor:
Fortinet
Software:
Fortideceptor
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.
2020-06-19
Medium
CVE-2017-18905
Vendor:
Mattermost
Software:
Mattermost s...
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.
2020-05-11
Low
CVE-2020-1724
Vendor:
Redhat
Software:
Keycloak
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.
2020-05-07
Medium
CVE-2020-12690
Vendor:
Openstack
Software:
Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.
2020-04-28
Medium
CVE-2020-9482
Vendor:
Apache
Software:
Nifi registry
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry.
Medium
CVE-2016-11058
Vendor:
Netgear
Software:
Genie
The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs.
2020-04-22
Medium
CVE-2020-11688
Vendor:
Jetbrains
Software:
Teamcity
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
Medium
CVE-2020-11795
Vendor:
Jetbrains
Software:
Space
In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.
Medium
CVE-2020-8867
Vendor:
Opcfoundation
Software:
Unified arch...
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295.
2020-03-24
Medium
CVE-2020-4253
Vendor:
IBM
Software:
Content navi...
IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559.
Copyright
2020
, cxsecurity.com
Back to Top
