Improper Access Control in GitHub repository namelessmc/nameless prior to v2.0.2.
CWE-613
CVE-2022-2782
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.
CVE-2022-2783
In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token.
CVE-2022-2713
Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.
CVE-2022-25590
SurveyKing v0.2.0 was discovered to retain users’ session cookies after logout, allowing attackers to log in to the system and access data using the browser cache when the user exits the application.
CVE-2022-24732
Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.