Vulnerabilities (CVE)

Filtered by CWE-565

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-35885	1 Mgt-commerce	1 Cloudpanel	2023-08-02	N/A	9.8 CRITICAL
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
CVE-2021-28171	1 Deltaflow Project	1 Deltaflow	2022-07-29	7.5 HIGH	9.8 CRITICAL
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.
CVE-2022-22785	1 Zoom	1 Meetings	2022-05-27	6.4 MEDIUM	9.1 CRITICAL
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.
CVE-2019-7266	1 Nortekcontrol	4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more	2020-08-24	7.5 HIGH	9.8 CRITICAL
Linear eMerge 50P/5000P devices allow Authentication Bypass.
CVE-2017-7279	1 Unitrends	1 Enterprise Backup	2019-10-03	10.0 HIGH	9.8 CRITICAL
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.
CVE-2018-5190	1 Picturespro	1 Picturespro	2019-10-03	5.0 MEDIUM	9.8 CRITICAL
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php.
CVE-2018-20512	1 Cdatatec	22 Epon Cpe-wifi Devices Firmware, Fd108bn, Fd111hz and 19 more	2019-10-03	10.0 HIGH	9.8 CRITICAL
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.