Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2023-09-05 CVE-2023-41012 Session Fixation vulnerability in Chinamobile Intelligent Home Gateway Firmware Hg6543C4
An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism.
network
low complexity
chinamobile CWE-384
critical
9.8
2023-08-09 CVE-2023-24477 Session Fixation vulnerability in Nozominetworks CMC and Guardian
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout.
local
high complexity
nozominetworks CWE-384
7.0
2023-07-12 CVE-2023-37946 Session Fixation vulnerability in Jenkins Openshift Login
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-384
8.8
2023-06-15 CVE-2023-28809 Session Fixation vulnerability in Hikvision products
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in.
network
high complexity
hikvision CWE-384
7.5
2023-05-16 CVE-2023-32997 Session Fixation vulnerability in Jenkins CAS
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-384
8.8
2023-05-11 CVE-2023-31498 Session Fixation vulnerability in PHPgurukul Hospital Management System 4.0
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.
network
low complexity
phpgurukul CWE-384
critical
9.8
2023-05-09 CVE-2023-28316 Session Fixation vulnerability in Rocket.Chat
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA.
network
low complexity
rocket-chat CWE-384
critical
9.8
2023-05-09 CVE-2023-30056 Session Fixation vulnerability in Fico Origination Manager Decision 4.8.1
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie.
network
low complexity
fico CWE-384
7.5
2023-05-03 CVE-2023-1265 Session Fixation vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1.
network
low complexity
gitlab CWE-384
4.5
2023-04-21 CVE-2023-29019 Session Fixation vulnerability in Fastify Passport
@fastify/passport is a port of passport authentication library for the Fastify ecosystem.
network
low complexity
fastify CWE-384
8.1