Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-22 | CVE-2018-19443 | Session Fixation vulnerability in Tryton 5.0.0 The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. | 5.9 |
| 2018-11-08 | CVE-2018-6434 | Session Fixation vulnerability in Broadcom Fabric Operating System A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID. | 7.5 |
| 2018-11-04 | CVE-2018-18926 | Session Fixation vulnerability in Gitea Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. | 9.8 |
| 2018-11-04 | CVE-2018-18925 | Session Fixation vulnerability in Gogs Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. | 9.8 |
| 2018-10-31 | CVE-2018-13282 | Session Fixation vulnerability in Synology Photo Station Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | 6.3 |
| 2018-10-30 | CVE-2018-16463 | Session Fixation vulnerability in Nextcloud Server A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares. | 3.1 |
| 2018-10-19 | CVE-2018-18380 | Session Fixation vulnerability in Bigtreecms Bigtree CMS A Session Fixation issue was discovered in Bigtree before 4.2.24. | 5.4 |
| 2018-10-12 | CVE-2018-17902 | Session Fixation vulnerability in Yokogawa products Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions. | 5.3 |
| 2018-09-28 | CVE-2018-9082 | Session Fixation vulnerability in Lenovo products For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. | 8.8 |
| 2018-09-26 | CVE-2018-8852 | Session Fixation vulnerability in Philips E-Alert Firmware 2.1/R2.1 Philips e-Alert Unit (non-medical device), Version R2.1 and prior. | 8.8 |