Vulnerabilities > Reliance on Cookies without Validation and Integrity Checking

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDORS | CWE | VECTOR | COMPLEXITY | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-05-25 | CVE-2022-29248 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products | Guzzle is a PHP HTTP client. | guzzlephp, drupal, debian | CWE-565 | network | low complexity | 8.1 |
| 2022-05-18 | CVE-2022-22785 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Zoom Meetings | The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. | zoom | CWE-565 | network | low complexity | 6.4 |
| 2022-04-15 | CVE-2022-28113 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Fantec Mwid25-Ds Firmware 2.000.030 | An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie. | fantec | CWE-565 | network | low complexity | critical 9.0 |
| 2022-04-04 | CVE-2022-1148 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Gitlab | Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites. | gitlab | CWE-565 | network | low complexity | 6.5 |
| 2022-01-21 | CVE-2021-36338 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Dell products | Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. | dell | CWE-565 | | low complexity | 8.0 |
| 2022-01-01 | CVE-2021-41819 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. | | | | | 7.5 |
| 2021-09-27 | CVE-2021-3818 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Getgrav Grav | Grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. | getgrav | CWE-565 | network | low complexity | 5.0 |
| 2021-06-09 | CVE-2021-33842 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Circutor Sge-Plc1000 Firmware 0.9.2B | Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. | circutor | CWE-565 | | low complexity | 8.8 |
| 2021-04-06 | CVE-2021-28171 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Deltaflow Project Deltaflow | The Vangene deltaFlow E-platform does not take proper protective measures. | deltaflow-project | CWE-565 | network | low complexity | 7.5 |
| 2020-12-10 | CVE-2020-29668 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products | Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. | sympa, fedoraproject, debian | CWE-565 | network | high complexity | 3.7 |