Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-07 | CVE-2023-5309 | Session Fixation vulnerability in Puppet Enterprise Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. | 9.8 |
| 2023-10-26 | CVE-2023-0897 | Session Fixation vulnerability in Sielco products Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests. | 9.8 |
| 2023-10-16 | CVE-2023-45687 | Session Fixation vulnerability in Southrivertech Titan MFT Server and Titan Sftp Server A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing | 8.8 |
| 2023-10-09 | CVE-2023-44400 | Session Fixation vulnerability in Uptime.Kuma Uptime Kuma Uptime Kuma is a self-hosted monitoring tool. | 7.8 |
| 2023-09-20 | CVE-2023-42322 | Session Fixation vulnerability in Icmsdev Icms 7.0.16 Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. | 9.8 |
| 2023-09-12 | CVE-2023-3711 | Session Fixation vulnerability in Honeywell Pm43 Firmware Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. | 8.8 |
| 2023-09-05 | CVE-2023-41012 | Session Fixation vulnerability in Chinamobile Intelligent Home Gateway Firmware Hg6543C4 An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism. | 9.8 |
| 2023-08-31 | CVE-2023-4649 | Session Fixation vulnerability in Instantcms Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. | 5.4 |
| 2023-08-23 | CVE-2023-40273 | Session Fixation vulnerability in Apache Airflow The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. | 8.0 |
| 2023-08-09 | CVE-2023-24477 | Session Fixation vulnerability in Nozominetworks CMC and Guardian In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. | 7.0 |