Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2022-09-23 CVE-2022-40630 Session Fixation vulnerability in Tacitine products
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper session management in the Tacitine Firewall web-based management interface.
network
low complexity
tacitine CWE-384
critical
9.8
2022-09-05 CVE-2022-38369 Session Fixation vulnerability in Apache Iotdb 0.13.0
Apache IoTDB version 0.13.0 is vulnerable by session id attack.
network
low complexity
apache CWE-384
8.8
2022-09-02 CVE-2022-38054 Session Fixation vulnerability in Apache Airflow
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.
network
low complexity
apache CWE-384
critical
9.8
2022-08-25 CVE-2022-31798 Session Fixation vulnerability in Nortekcontrol Emerge E3 Firmware 0.3207E/0.3207P
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together.
network
low complexity
nortekcontrol CWE-384
6.1
2022-08-10 CVE-2022-33927 Session Fixation vulnerability in Dell Wyse Management Suite
Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability.
network
low complexity
dell CWE-384
6.5
2022-07-19 CVE-2022-34536 Session Fixation vulnerability in DW Megapix Firmware 4.2.0.32842
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log file and perform session hijacking via a crafted session token.
network
low complexity
dw CWE-384
7.5
2022-07-01 CVE-2022-25896 Session Fixation vulnerability in Passport Project Passport
This affects the package passport before 0.6.0.
network
high complexity
passport-project CWE-384
4.8
2022-06-28 CVE-2022-24444 Session Fixation vulnerability in Silverstripe
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
network
low complexity
silverstripe CWE-384
6.5
2022-05-25 CVE-2022-27305 Session Fixation vulnerability in Gibbonedu Gibbon
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
network
low complexity
gibbonedu CWE-384
8.8
2022-05-24 CVE-2022-1849 Session Fixation vulnerability in Filegator
Session Fixation in GitHub repository filegator/filegator prior to 7.8.0.
network
low complexity
filegator CWE-384
5.4