Export limit exceeded: 341338 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9659 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5630 | 1 Rapid7 | 1 Nexpose | 2024-11-21 | N/A |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request. | ||||
| CVE-2019-5431 | 1 Twitter | 1 Twitter Kit | 2024-11-21 | 5.4 Medium |
| This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service. | ||||
| CVE-2019-5430 | 1 Ui | 1 Unifi Video | 2024-11-21 | N/A |
| In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page. | ||||
| CVE-2019-5318 | 2 Arubanetworks, Siemens | 3 Arubaos, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | 6.5 Medium |
| A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability. | ||||
| CVE-2019-5272 | 1 Huawei | 2 Usg9500, Usg9500 Firmware | 2024-11-21 | 4.9 Medium |
| USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection. | ||||
| CVE-2019-4750 | 1 Ibm | 1 Cloud App Management | 2024-11-21 | 8.8 High |
| IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 173310. | ||||
| CVE-2019-4736 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 4.3 Medium |
| IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172706. | ||||
| CVE-2019-4726 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363. | ||||
| CVE-2019-4613 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 8.8 High |
| IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524. | ||||
| CVE-2019-4515 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 6.5 Medium |
| IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137. | ||||
| CVE-2019-4231 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 4.3 Medium |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356. | ||||
| CVE-2019-4212 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 8.8 High |
| IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132. | ||||
| CVE-2019-4167 | 1 Ibm | 1 Storediq | 2024-11-21 | 6.5 Medium |
| IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700. | ||||
| CVE-2019-4142 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 8.8 High |
| IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338. | ||||
| CVE-2019-4117 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 8.8 High |
| IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116. | ||||
| CVE-2019-4095 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 4.3 Medium |
| IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015. | ||||
| CVE-2019-3959 | 1 Wallaceit | 1 Wallacepos | 2024-11-21 | N/A |
| Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2019-3894 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Single Sign On, Wildfly | 2024-11-21 | 8.8 High |
| It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing. | ||||
| CVE-2019-3876 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | 6.3 Medium |
| A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens. | ||||
| CVE-2019-3864 | 1 Redhat | 1 Quay | 2024-11-21 | 8.8 High |
| A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account. | ||||