Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2020-11728
- EPSS 0.45%
- Veröffentlicht 15.04.2020 16:15:16
- Zuletzt bearbeitet 21.11.2024 04:58:29
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a sess...
9.8
CVE-2020-11729
- EPSS 0.47%
- Veröffentlicht 15.04.2020 16:15:16
- Zuletzt bearbeitet 21.11.2024 04:58:29
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful.
1