Vulnerabilities > Session Fixation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-02 | CVE-2022-38054 | Session Fixation vulnerability in Apache Airflow In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. | 9.8 |
2022-08-25 | CVE-2022-31798 | Session Fixation vulnerability in Nortekcontrol Emerge E3 Firmware 0.3207E/0.3207P Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. | 6.1 |
2022-08-10 | CVE-2022-33927 | Session Fixation vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. | 6.5 |
2022-07-19 | CVE-2022-34536 | Session Fixation vulnerability in DW Megapix Firmware 4.2.0.32842 Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log file and perform session hijacking via a crafted session token. | 7.5 |
2022-07-01 | CVE-2022-25896 | Session Fixation vulnerability in Passport Project Passport This affects the package passport before 0.6.0. | 4.8 |
2022-06-28 | CVE-2022-24444 | Session Fixation vulnerability in Silverstripe Silverstripe silverstripe/framework through 4.10 allows Session Fixation. | 6.5 |
2022-05-25 | CVE-2022-27305 | Session Fixation vulnerability in Gibbonedu Gibbon Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. | 8.8 |
2022-05-24 | CVE-2022-1849 | Session Fixation vulnerability in Filegator Session Fixation in GitHub repository filegator/filegator prior to 7.8.0. | 5.4 |
2022-04-27 | CVE-2021-38869 | Session Fixation vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. | 9.8 |
2022-04-06 | CVE-2022-26591 | Session Fixation vulnerability in Fantec Mwid25-Ds Firmware 2.000.030 FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request. | 7.5 |