Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-24 | CVE-2018-5385 | Session Fixation vulnerability in Navarino Infinity 2.2 Navarino Infinity is prone to session fixation attacks. | 8.8 |
| 2018-07-19 | CVE-2016-9574 | Session Fixation vulnerability in Mozilla Network Security Services nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. | 5.9 |
| 2018-07-18 | CVE-2018-14387 | Session Fixation vulnerability in Wondercms An issue was discovered in WonderCMS before 2.5.2. | 8.8 |
| 2018-07-13 | CVE-2016-6545 | Session Fixation vulnerability in Ieasytec Itrackeasy Session cookies are not used for maintaining valid sessions in iTrack Easy. | 9.8 |
| 2018-07-10 | CVE-2018-1492 | Session Fixation vulnerability in IBM products IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. | 6.8 |
| 2018-06-26 | CVE-2018-1000602 | Session Fixation vulnerability in Jenkins Saml A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session. | 5.9 |
| 2018-06-26 | CVE-2018-1000519 | Session Fixation vulnerability in Aio-Libs Project Aiohttp aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. | 6.5 |
| 2018-06-22 | CVE-2018-12538 | Session Fixation vulnerability in multiple products In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. | 8.8 |
| 2018-06-21 | CVE-2018-0359 | Session Fixation vulnerability in Cisco Meeting Server 2.3.0 A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. | 5.5 |
| 2018-06-18 | CVE-2018-9026 | Session Fixation vulnerability in Broadcom Privileged Access Manager A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | 7.5 |