Total: 4240 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16575 | 1 Jenkins | 1 Alauda Kubernetes Support | 2019-12-18 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Support Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. | |||||
CVE-2019-11657 | 1 Microfocus | 1 Arcsight Logger | 2019-12-18 | 6.8 MEDIUM | 8.8 HIGH |
Cross-Site Request Forgery vulnerability in Micro Focus ArcSight Logger, affecting all product versions below version 7.0. The vulnerability could be exploited to perform a CSRF attack. | |||||
CVE-2019-16573 | 1 Jenkins | 1 Alauda Devops Pipeline | 2019-12-18 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2019-16565 | 1 Jenkins | 1 Team Concert | 2019-12-18 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2019-16570 | 1 Jenkins | 1 Rapiddeploy | 2019-12-18 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. | |||||
CVE-2019-0398 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-12-17 | 6.8 MEDIUM | 8.8 HIGH |
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead an authenticated user to send an unintended request to the web server, leading to Cross Site Request Forgery. | |||||
CVE-2015-7537 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. | |||||
CVE-2015-5318 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 6.8 MEDIUM | N/A |
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack. | |||||
CVE-2019-19685 | 1 Nopcommerce | 1 Nopcommerce | 2019-12-17 | 6.8 MEDIUM | 8.8 HIGH |
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. | |||||
CVE-2019-18346 | 1 Davical | 1 Davical | 2019-12-14 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user. | |||||
CVE-2019-4095 | 1 Ibm | 1 Cloud Pak System | 2019-12-13 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015. | |||||
CVE-2014-0026 | 1 Redhat | 1 Subscription Asset Manager | 2019-12-13 | 4.3 MEDIUM | 6.5 MEDIUM |
katello-headpin is vulnerable to CSRF in the REST API. | |||||
CVE-2019-15934 | 1 Intesync | 1 Solismed | 2019-12-13 | 6.8 MEDIUM | 8.8 HIGH |
Intesync Solismed 3.3sp has CSRF. | |||||
CVE-2019-19516 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2019-12-13 | 4.3 MEDIUM | 6.5 MEDIUM |
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password. | |||||
CVE-2016-8673 | 1 Siemens | 8 Simatic Cp 343-1, Simatic Cp 343-1 Firmware, Simatic Cp 443-1 and 5 more | 2019-12-12 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request. | |||||
CVE-2012-2079 | 1 Drupal | 1 Activity | 2019-12-11 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal. | |||||
CVE-2009-1802 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2019-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact. | |||||
CVE-2019-16002 | 1 Cisco | 1 Sd-wan Firmware | 2019-12-06 | 4.3 MEDIUM | 6.5 MEDIUM |
A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected instance of vManage. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. | |||||
CVE-2015-3140 | 1 Synametrics | 3 Synaman, Syncrify, Syntail | 2019-12-04 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567 | |||||
CVE-2013-6811 | 1 D-link | 2 Dsl6740u, Dsl6740u Firmware | 2019-12-04 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries. |