CWE-613 vulnerabilities

383 results
CVE-2023-30403 [HIGH] (EPSS 14.9%): An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass
CVE-2020-8234 (EPSS 3.4%): A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be g
CVE-2016-6545 (EPSS 3.1%): iTrack Easy does not use session cookies to maintain sessions and POSTs the users password over HTTPS for each request
CVE-2024-48827 [HIGH] (EPSS 2.7%): An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password fun
CVE-2021-25981 [CRITICAL] (EPSS 2.5%): Talkyard - Insufficient Session Expiration
CVE-2017-12159 (EPSS 2.4%): It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain ac
CVE-2021-39113 [HIGH] (EPSS 1.8%): Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after lo
CVE-2021-21031 [MEDIUM] (EPSS 1.7%): Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access
CVE-2021-34739 [HIGH] (EPSS 1.6%): Cisco Small Business Series Switches Session Credentials Replay Vulnerability
CVE-2021-21032 [MEDIUM] (EPSS 1.6%): Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access
CVE-2021-25992 [CRITICAL] (EPSS 1.5%): ifme - Insufficient Session Expiration
CVE-2024-0944 [LOW] (EPSS 1.5%): Totolink T8 cstecgi.cgi session expiration
CVE-2022-3080 [HIGH] (EPSS 1.5%): BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly
CVE-2021-1501 [HIGH] (EPSS 1.3%): Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software SIP Denial of Service Vulnerability
CVE-2023-50270 [MEDIUM] (EPSS 1.3%): Apache DolphinScheduler: Session do not expire after password change
CVE-2021-25970 [HIGH] (EPSS 1.3%): Camaleon CMS - Insufficient Session Expiration after Password Change
CVE-2018-1127 [MEDIUM] (EPSS 1.3%): Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain a
CVE-2022-24743 [HIGH] (EPSS 1.2%): Insufficient Session Expiration in Sylius
CVE-2024-22543 [MEDIUM] (EPSS 1.2%): An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET re
CVE-2022-41672 (EPSS 1.2%): Session still functional after user is deactivated