Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-08 | CVE-2020-5550 | Session Fixation vulnerability in Plathome products Session fixation vulnerability in EasyBlocks IPv6 Ver. | 5.8 |
| 2020-04-01 | CVE-2020-5290 | Session Fixation vulnerability in Ctfd Rctf In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. | 4.3 |
| 2020-03-16 | CVE-2019-19610 | Session Fixation vulnerability in Halvotec Raquest 10.23.10801.0 An issue was discovered in Halvotec RaQuest 10.23.10801.0. | 5.8 |
| 2020-03-16 | CVE-2019-4617 | Session Fixation vulnerability in IBM Cloud Automation Manager 3.2.1.0 IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. | 3.6 |
| 2020-03-16 | CVE-2020-5543 | Session Fixation vulnerability in Mitsubishielectric Iu1-1M20-D Firmware TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 7.5 |
| 2020-03-05 | CVE-2020-9370 | Session Fixation vulnerability in Humaxdigital Hga12R-02 Firmware 1.1.53 HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. | 9.1 |
| 2020-02-20 | CVE-2020-8990 | Session Fixation vulnerability in Western Digital IBI and MY Cloud Home Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. | 6.4 |
| 2020-02-06 | CVE-2014-10400 | Session Fixation vulnerability in Keplerproject Cgilua 5.2 The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. | 4.3 |
| 2020-02-06 | CVE-2014-10399 | Session Fixation vulnerability in Keplerproject Cgilua 5.2 The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. | 4.3 |
| 2020-02-06 | CVE-2013-4572 | Session Fixation vulnerability in multiple products The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. | 5.0 |