Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
CWE
:
Tytuł
Data
Autor
Low
MailDepot 2032 SP2 Session Expiration
30.09.2020
Micha Borrmann
Low
Microsoft Office 365 Enterprise E3 Insufficient Session Expiration
09.07.2017
Micha Borrmann
Common Weakness Enumeration (CWE)
CVE
Szczegóły
Opis
2022-01-18
Medium
CVE-2021-37866
Vendor:
Mattermost
Software:
Mattermost b...
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization.
2022-01-13
CVE-2022-22122
Updating...
Medium
CVE-2022-22113
Vendor:
Daybydaycrm
Software:
Daybyday
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.
2022-01-05
Medium
CVE-2022-21652
Vendor:
Shopware
Software:
Shopware
Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can't be used to login with said account. This also means, that upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue.
2021-12-08
Medium
CVE-2020-27416
Vendor:
Mahadiscom
Software:
Mahavitaran
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account.
2021-12-02
Medium
CVE-2021-43791
Vendor:
Zulip
Software:
Zulip
Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a user to the check_prereg_key_and_redirect endpoint, before getting redirected to POST to /accounts/register/. The problem was that validation was happening in the check_prereg_key_and_redirect part and not in /accounts/register/ - meaning that one could submit an expired confirmation key and be able to register. The issue is fixed in Zulip 4.8. There are no known workarounds and users are advised to upgrade as soon as possible.
2021-11-30
Medium
CVE-2021-42545
Vendor:
Business-dnasolutions
Software:
Topease
Medium
CVE-2021-36330
Vendor:
DELL
Software:
Emc streamin...
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user.
2021-11-16
Medium
CVE-2021-25940
Vendor:
Arangodb
Software:
Arangodb
Medium
CVE-2021-25985
Vendor:
Darwin
Software:
Factor
Copyright
2022
, cxsecurity.com
Back to Top
Polish
English