Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE CATEGORY:SFP Secondary Cluster: Insecure Session Management
Category ID:965
Vulnerability Mapping:Prohibited
Status:Incomplete
DetailsContent HistoryObserved CVE ExamplesReports
57Vulnerabilities found
CVE-2022-3292
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.53%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:15
Updated-21 May, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Cache Containing Sensitive Information in ikus060/rdiffweb

Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8.

Action-Not Available
Vendor-IKUS Software
Product-rdiffwebikus060/rdiffweb
CWE ID-CWE-524
Use of Cache Containing Sensitive Information
CVE-2021-24027
Assigner-Meta Platforms, Inc.
ShareView Details
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-8.69% / 92.36%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 16:45
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.

Action-Not Available
Vendor-WhatsApp LLCFacebook
Product-whatsappwhatsapp_businessWhatsApp for AndroidWhatsApp Business for Android
CWE ID-CWE-524
Use of Cache Containing Sensitive Information
CVE-2019-14997
Assigner-Atlassian
ShareView Details
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.45%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 13:56
Updated-16 Sep, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN.

Action-Not Available
Vendor-Atlassian
Product-jira_serverJira
CWE ID-CWE-524
Use of Cache Containing Sensitive Information
CVE-2019-11244
Assigner-Kubernetes
ShareView Details
Assigner-Kubernetes
CVSS Score-3.3||LOW
EPSS-0.10% / 27.89%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 14:54
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kubectl creates world-writeable cached schema files

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.

Action-Not Available
Vendor-NetApp, Inc.Red Hat, Inc.Kubernetes
Product-kubernetesopenshift_container_platformtridentKubernetes
CWE ID-CWE-524
Use of Cache Containing Sensitive Information
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-9494
Assigner-CERT/CC
ShareView Details
Assigner-CERT/CC
CVSS Score-5.9||MEDIUM
EPSS-1.45% / 80.56%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 13:31
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

Action-Not Available
Vendor-w1.fiWi-Fi AllianceopenSUSEFedora ProjectFreeBSD FoundationSynology, Inc.
Product-freebsdradius_serverfedorahostapdbackports_slewpa_supplicantrouter_managerleapwpa_supplicant with SAE supporthostapd with SAE support
CWE ID-CWE-524
Use of Cache Containing Sensitive Information
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2019-9495
Assigner-CERT/CC
ShareView Details
Assigner-CERT/CC
CVSS Score-3.7||LOW
EPSS-4.67% / 89.18%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 13:31
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Action-Not Available
Vendor-w1.fiWi-Fi AllianceDebian GNU/LinuxopenSUSEFreeBSD FoundationFedora ProjectSynology, Inc.
Product-freebsddebian_linuxradius_serverfedorahostapdbackports_slewpa_supplicantrouter_managerleaphostapd with EAP-pwd supportwpa_supplicant with EAP-pwd support
CWE ID-CWE-524
Use of Cache Containing Sensitive Information
CWE ID-CWE-203
Observable Discrepancy
CVE-2018-12538
Assigner-Eclipse Foundation
ShareView Details
Assigner-Eclipse Foundation
CVSS Score-8.8||HIGH
EPSS-0.52% / 66.35%
||
7 Day CHG~0.00%
Published-22 Jun, 2018 | 19:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.

Action-Not Available
Vendor-NetApp, Inc.Eclipse Foundation AISBL
Product-hyper_converged_infrastructuresnapmanagere-series_santricity_management_plug-inse-series_santricity_os_controlleroncommand_system_managersnap_creator_frameworksantricity_cloud_connectore-series_santricity_web_services_proxyoncommand_unified_managerjettyelement_softwaresnapcenterEclipse Jetty
CWE ID-CWE-6
J2EE Misconfiguration: Insufficient Session-ID Length
CWE ID-CWE-384
Session Fixation
  • Previous
  • 1
  • 2
  • Next