Vulnerabilities > Session Fixation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2020-15679 | Session Fixation vulnerability in Mozilla VPN 1.0.7/1.1.0. An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to log in via that URL, and obtain authenticated access as that user. | 7.6 |
2022-12-13 | CVE-2022-38628 | Session Fixation vulnerability in Niceforyou Linear Emerge E3 Access Control Firmware. Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. | 6.1 |
2022-11-21 | CVE-2022-44788 | Session Fixation vulnerability in Maggioli Appalti & Contratti 9.12.2. An issue was discovered in Appalti & Contratti 9.12.2. | 6.5 |
2022-11-16 | CVE-2022-44007 | Session Fixation vulnerability in Backclick 5.9.63. An issue was discovered in BACKCLICK Professional 5.9.63. | 8.8 |
2022-11-15 | CVE-2022-30769 | Session Fixation vulnerability in Zoneminder. Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user. | 4.6 |
2022-11-14 | CVE-2022-43687 | Session Fixation vulnerability in Concretecms Concrete CMS. Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. | 5.4 |
2022-11-09 | CVE-2022-31689 | Session Fixation vulnerability in VMWare Workspace ONE Assist. VMware Workspace ONE Assist prior to 22.10 contains a session fixation vulnerability. | 9.8 |
2022-11-08 | CVE-2022-43398 | Session Fixation vulnerability in Siemens products. A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50). | 8.8 |
2022-10-31 | CVE-2022-40293 | Session Fixation vulnerability in PHPpointofsale PHP Point of Sale 19.0. The application was vulnerable to a session fixation that could be used to hijack accounts. | 9.8 |
2022-10-24 | CVE-2021-46279 | Session Fixation vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0. Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. | 8.8 |