Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2021-09-07 CVE-2021-35948 Session Fixation vulnerability in ownCloud
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.
network
low complexity
owncloud CWE-384
5.4
2021-08-25 CVE-2021-22237 Session Fixation vulnerability in GitLab
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled.
network
low complexity
gitlab CWE-384
4.9
2021-08-23 CVE-2021-39290 Session Fixation vulnerability in Netmodule Router Software 4.3.0.0/4.4.0.0
Certain NetModule devices allow Limited Session Fixation via PHPSESSID.
network
low complexity
netmodule CWE-384
critical
9.8
2021-08-05 CVE-2021-22927 Session Fixation vulnerability in Citrix products
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider that could allow an attacker to hijack a session.
network
low complexity
citrix CWE-384
8.1
2021-06-22 CVE-2021-35046 Session Fixation vulnerability in Icehrm 29.0.0.Os
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.
network
low complexity
icehrm CWE-384
6.1
2021-05-27 CVE-2021-33394 Session Fixation vulnerability in Cubecart 6.4.2
Cubecart 6.4.2 allows Session Fixation.
network
low complexity
cubecart CWE-384
5.4
2021-05-26 CVE-2018-16495 Session Fixation vulnerability in Versa-Networks Versa Operating System 20.2.0/21.1.0
In VOS, the user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application.
network
low complexity
versa-networks CWE-384
8.8
2021-03-10 CVE-2020-35229 Session Fixation vulnerability in NETGEAR GS116E Firmware and JGS516PE Firmware
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.
low complexity
netgear CWE-384
8.8
2021-02-26 CVE-2019-18946 Session Fixation vulnerability in Micro Focus Solutions Business Manager
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
low complexity
microfocus CWE-384
4.8
2021-02-18 CVE-2020-35591 Session Fixation vulnerability in Pi-Hole 5.0/5.1/5.1.1
Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation.
network
low complexity
pi-hole CWE-384
5.4