Total: 5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3636 | 1 Redhat | 1 Freeipa | 2023-02-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes. | |||||
| CVE-2015-5182 | 1 Redhat | 1 Amq | 2023-02-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | |||||
| CVE-2014-0197 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2023-02-13 | 6.8 MEDIUM | 8.8 HIGH |
| CFME: CSRF protection vulnerability via permissive check of the referrer header | |||||
| CVE-2014-0151 | 1 Redhat | 1 Ovirt-engine | 2023-02-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request. | |||||
| CVE-2013-4405 | 1 Redhat | 1 Enterprise Mrg | 2023-02-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests. | |||||
| CVE-2013-0196 | 1 Redhat | 2 Enterprise Linux, Openshift | 2023-02-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. | |||||
| CVE-2013-0185 | 1 Redhat | 1 Manageiq Enterprise Virtualization Manager | 2023-02-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | |||||
| CVE-2012-5622 | 1 Redhat | 1 Openshift | 2023-02-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. | |||||
| CVE-2019-3876 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 4.3 MEDIUM | 6.3 MEDIUM |
| A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens. | |||||
| CVE-2019-14836 | 1 Redhat | 1 3scale | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in which the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks. | |||||
| CVE-2019-10176 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 5.8 MEDIUM | 5.4 MEDIUM |
| A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack. | |||||
| CVE-2016-0720 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | |||||
| CVE-2015-5188 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2023-02-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission. | |||||
| CVE-2021-24581 | 1 Blue-admin Project | 1 Blue-admin | 2023-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting it in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have a CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. | |||||
| CVE-2019-3718 | 1 Dell | 1 Supportassist | 2023-02-10 | 6.8 MEDIUM | 8.8 HIGH |
| Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems. | |||||
| CVE-2021-36444 | 1 Txjia | 1 Imcat | 2023-02-09 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page. | |||||
| CVE-2021-36443 | 1 Txjia | 1 Imcat | 2023-02-09 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. | |||||
| CVE-2021-36570 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-02-09 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | |||||
| CVE-2021-36569 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-02-09 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | |||||
| CVE-2023-25015 | 2 Clockwork Web Project, Rubyonrails | 2 Clockwork Web, Rails | 2023-02-09 | N/A | 6.5 MEDIUM |
| Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | |||||
