Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2021-09-07 CVE-2021-35948 Session Fixation vulnerability in Owncloud
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.
network
owncloud CWE-384
5.8
2021-08-25 CVE-2021-22237 Session Fixation vulnerability in Gitlab
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled.
network
low complexity
gitlab CWE-384
4.0
2021-08-23 CVE-2021-39290 Session Fixation vulnerability in Netmodule products
Certain NetModule devices allow Limited Session Fixation via PHPSESSID.
network
low complexity
netmodule CWE-384
7.5
2021-08-05 CVE-2021-22927 Session Fixation vulnerability in Citrix products
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider that could allow an attacker to hijack a session.
network
citrix CWE-384
5.8
2021-06-30 CVE-2021-21671 Session Fixation vulnerability in Jenkins
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.
network
high complexity
jenkins CWE-384
5.1
2021-06-24 CVE-2021-32710 Session Fixation vulnerability in Shopware
Shopware is an open source eCommerce platform.
network
low complexity
shopware CWE-384
5.0
2021-06-22 CVE-2021-35046 Session Fixation vulnerability in Icehrm 29.0.0.Os
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.
network
icehrm CWE-384
5.8
2021-06-21 CVE-2010-1434 Session Fixation vulnerability in Joomla Joomla!
Joomla! Core is prone to a session fixation vulnerability.
network
low complexity
joomla CWE-384
5.0
2021-06-16 CVE-2021-32676 Session Fixation vulnerability in Nextcloud Talk
Nextcloud Talk is a fully on-premises audio/video and chat communication service.
network
low complexity
nextcloud CWE-384
4.0
2021-05-27 CVE-2021-33394 Session Fixation vulnerability in Cubecart 6.4.2
Cubecart 6.4.2 allows Session Fixation.
network
low complexity
cubecart CWE-384
5.5