Vulnerabilities > Session Fixation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-05 | CVE-2020-9370 | Session Fixation vulnerability in Humaxdigital Hga12R-02 Firmware 1.1.53 HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. | 9.1 |
2020-02-20 | CVE-2020-8990 | Session Fixation vulnerability in Western Digital IBI and MY Cloud Home Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. | 9.1 |
2020-02-06 | CVE-2014-10400 | Session Fixation vulnerability in Keplerproject Cgilua The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. | 6.1 |
2020-02-06 | CVE-2014-10399 | Session Fixation vulnerability in Keplerproject Cgilua The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. | 6.1 |
2020-02-06 | CVE-2013-4572 | Session Fixation vulnerability in multiple products The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. | 7.5 |
2020-02-05 | CVE-2013-0507 | Session Fixation vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability | 8.1 |
2020-02-04 | CVE-2019-15612 | Session Fixation vulnerability in Nextcloud Server A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset. | 5.9 |
2020-01-09 | CVE-2020-5205 | Session Fixation vulnerability in Powauth POW In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. | 5.4 |
2020-01-02 | CVE-2019-10158 | Session Fixation vulnerability in multiple products A flaw was found in Infinispan through version 9.4.14.Final. | 9.8 |
2019-12-23 | CVE-2019-17563 | Session Fixation vulnerability in multiple products When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. | 7.5 |