Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-04 | CVE-2019-7350 | Session Fixation vulnerability in Zoneminder Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. | 7.3 |
| 2019-01-30 | CVE-2018-17199 | Session Fixation vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. | 7.5 |
| 2019-01-09 | CVE-2018-1000409 | Session Fixation vulnerability in Jenkins A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account. | 5.4 |
| 2018-12-13 | CVE-2018-1804 | Session Fixation vulnerability in IBM Security Access Manager IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. | 3.7 |
| 2018-12-12 | CVE-2018-1485 | Session Fixation vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. | 4.3 |
| 2018-12-12 | CVE-2018-1484 | Session Fixation vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. | 3.7 |
| 2018-12-12 | CVE-2018-1480 | Session Fixation vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. | 5.3 |
| 2018-11-27 | CVE-2018-13337 | Session Fixation vulnerability in Terra-Master Terramaster Operating System 3.1.03 Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript. | 5.4 |
| 2018-11-22 | CVE-2018-19443 | Session Fixation vulnerability in Tryton 5.0.0 The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. | 5.9 |
| 2018-11-08 | CVE-2018-6434 | Session Fixation vulnerability in Broadcom Fabric Operating System A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID. | 7.5 |