Total: 353 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2022-38628 | 1 Niceforyou | 2 Linear Emerge E3 Access Control, Linear Emerge E3 Access Control Firmware | 2024-11-21 | 6.1 Medium | Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors. |
CVE-2022-38369 | 1 Apache | 1 Iotdb | 2024-11-21 | 8.8 High | Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1, which addresses this issue. |
CVE-2022-38054 | 1 Apache | 1 Airflow | 2024-11-21 | 9.8 Critical | In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. |
CVE-2022-34536 | 1 Dw | 2 Megapix, Megapix Firmware | 2024-11-21 | 7.5 High | Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allow attackers to access the core log file and perform session hijacking via a crafted session token. |
CVE-2022-34334 | 1 Ibm | 1 Sterling Partner Engagement Manager | 2024-11-21 | 6.5 Medium | IBM Sterling Partner Engagement Manager 2.0 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704. |
CVE-2022-33927 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 5.4 Medium | Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. An unauthenticated attacker could exploit this by taking advantage of a user with multiple active sessions in order to hijack a user's session. |
CVE-2022-31798 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2024-11-21 | 6.1 Medium | Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account. |
CVE-2022-31689 | 1 Vmware | 1 Workspace One Assist | 2024-11-21 | 9.8 Critical | VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. |
CVE-2022-30769 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 4.6 Medium | Session fixation exists in ZoneMinder through 1.36.12, as an attacker can poison a session cookie for the next logged-in user. |
CVE-2022-2997 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 8.0 High | Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. |
CVE-2022-2820 | 1 Namelessmc | 1 Nameless | 2024-11-21 | 7 High | Session Fixation in GitHub repository namelessmc/nameless prior to v2.0.2. |
CVE-2022-27305 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | 8.8 High | Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. |
CVE-2022-26591 | 1 Fantec | 2 Mwid25-ds, Mwid25-ds Firmware | 2024-11-21 | 7.5 High | FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request. |
CVE-2022-25896 | 2 Passport Project, Redhat | 2 Passport, Acm | 2024-11-21 | 4.8 Medium | This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed. |
CVE-2022-24781 | 1 Geon Project | 1 Geon | 2024-11-21 | 7.1 High | Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the target session. This issue is patched in version 1.1.0. No known workaround exists. |
CVE-2022-24745 | 1 Shopware | 1 Shopware | 2024-11-21 | 4.8 Medium | Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache. |
CVE-2022-24444 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 6.5 Medium | Silverstripe silverstripe/framework through 4.10 allows Session Fixation. |
CVE-2022-22681 | 1 Synology | 1 Photo Station | 2024-11-21 | 8.1 High | Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraints via unspecified vectors. |
CVE-2022-22551 | 1 Dell | 1 Emc Appsync | 2024-11-21 | 8.3 High | DELL EMC AppSync versions 3.9 to 4.3 use the GET request method with sensitive query strings. An adjacent, unauthenticated attacker could potentially exploit this vulnerability and hijack the victim's session. |
CVE-2022-1849 | 1 Filegator | 1 Filegator | 2024-11-21 | 5.4 Medium | Session Fixation in GitHub repository filegator/filegator prior to 7.8.0. |