Vulnerabilities > Insufficient Session Expiration
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-17 | CVE-2017-14007 | Insufficient Session Expiration vulnerability in Prominent Multiflex M10A Controller Firmware An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. | 6.8 |
2017-08-29 | CVE-2017-12867 | Insufficient Session Expiration vulnerability in Simplesamlphp The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. | 4.3 |
2017-07-26 | CVE-2017-11667 | Insufficient Session Expiration vulnerability in Openproject OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | 6.8 |
2017-06-20 | CVE-2017-3215 | Insufficient Session Expiration vulnerability in Milwaukee One-Key The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. | 5.0 |
2017-04-13 | CVE-2016-8712 | Insufficient Session Expiration vulnerability in Moxa Awk-3131A Firmware 1.1 An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. | 8.1 |
2017-04-10 | CVE-2016-5069 | Insufficient Session Expiration vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | 7.5 |
2017-03-09 | CVE-2017-6529 | Insufficient Session Expiration vulnerability in Dnatools Dnalims 42015S13 An issue was discovered in dnaTools dnaLIMS 4-2015s13. | 6.8 |
2014-12-08 | CVE-2014-3616 | Insufficient Session Expiration vulnerability in multiple products nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. | 4.3 |