Total
323 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18125 | 1 Qualcomm | 18 Mdm9206, Mdm9206 Firmware, Mdm9607 and 15 more | 2024-09-16 | N/A |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, when secure camera is activated it stores captured data in protected buffers. The TEE application which uses secure camera expects those buffers to contain data captured during the current camera session. It is possible though for HLOS to put aside and reuse one or more of the protected buffers with previously captured data during next camera session. Such data reuse must be prevented as the TEE applications expects to receive valid data captured during the current session only. | ||||
| CVE-2018-13282 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
| Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
| CVE-2019-4563 | 1 Ibm | 1 Security Directory Server | 2024-09-16 | 5.3 Medium |
| IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624. | ||||
| CVE-2018-17199 | 6 Apache, Canonical, Debian and 3 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2024-09-16 | N/A |
| In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. | ||||
| CVE-2019-4152 | 1 Ibm | 1 Security Access Manager | 2024-09-16 | 4.4 Medium |
| IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515. | ||||
| CVE-2018-9026 | 1 Broadcom | 1 Privileged Access Manager | 2024-09-16 | N/A |
| A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | ||||
| CVE-2018-6959 | 1 Vmware | 1 Vrealize Automation | 2024-09-16 | N/A |
| VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session. | ||||
| CVE-2019-3784 | 1 Cloudfoundry | 1 Stratos | 2024-09-16 | N/A |
| Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id. | ||||
| CVE-2011-4718 | 1 Php | 1 Php | 2024-09-16 | N/A |
| Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. | ||||
| CVE-2019-4304 | 1 Ibm | 1 Websphere Application Server | 2024-09-16 | 6.3 Medium |
| IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950. | ||||
| CVE-2018-17902 | 1 Yokogawa | 8 Fcj, Fcj Firmware, Fcn-100 and 5 more | 2024-09-16 | N/A |
| Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions. | ||||
| CVE-2018-10591 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-16 | N/A |
| In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. | ||||
| CVE-2018-14387 | 1 Wondercms | 1 Wondercms | 2024-09-16 | N/A |
| An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in. | ||||
| CVE-2018-1626 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-09-16 | N/A |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411. | ||||
| CVE-2019-0102 | 1 Intel | 1 Data Center Manager | 2024-09-16 | N/A |
| Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2022-25896 | 2 Passport Project, Redhat | 2 Passport, Acm | 2024-09-16 | 4.8 Medium |
| This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed. | ||||
| CVE-2018-1484 | 1 Ibm | 1 Bigfix Platform | 2024-09-16 | N/A |
| IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 140969. | ||||
| CVE-2019-4227 | 1 Ibm | 1 Mq | 2024-09-16 | 7.3 High |
| IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352. | ||||
| CVE-2019-4439 | 1 Ibm | 1 Cloud Private | 2024-09-16 | 5.3 Medium |
| IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949. | ||||
| CVE-2020-5021 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-09-16 | 4.4 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657. | ||||