Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2022-09-02 CVE-2022-38054 Session Fixation vulnerability in Apache Airflow
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.
network
low complexity
apache CWE-384
critical
9.8
2022-08-25 CVE-2022-31798 Session Fixation vulnerability in Nortekcontrol Emerge E3 Firmware 0.3207E/0.3207P
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together.
network
low complexity
nortekcontrol CWE-384
6.1
2022-08-10 CVE-2022-33927 Session Fixation vulnerability in Dell Wyse Management Suite
Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability.
network
low complexity
dell CWE-384
6.5
2022-07-19 CVE-2022-34536 Session Fixation vulnerability in DW Megapix Firmware 4.2.0.32842
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log file and perform session hijacking via a crafted session token.
network
low complexity
dw CWE-384
7.5
2022-07-01 CVE-2022-25896 Session Fixation vulnerability in Passport Project Passport
This affects the package passport before 0.6.0.
network
high complexity
passport-project CWE-384
4.8
2022-06-28 CVE-2022-24444 Session Fixation vulnerability in Silverstripe
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
network
low complexity
silverstripe CWE-384
6.5
2022-05-25 CVE-2022-27305 Session Fixation vulnerability in Gibbonedu Gibbon
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
network
low complexity
gibbonedu CWE-384
8.8
2022-05-24 CVE-2022-1849 Session Fixation vulnerability in Filegator
Session Fixation in GitHub repository filegator/filegator prior to 7.8.0.
network
low complexity
filegator CWE-384
5.4
2022-04-27 CVE-2021-38869 Session Fixation vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout.
network
low complexity
ibm CWE-384
critical
9.8
2022-04-06 CVE-2022-26591 Session Fixation vulnerability in Fantec Mwid25-Ds Firmware 2.000.030
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request.
network
low complexity
fantec CWE-384
7.5