Total
5731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12624 | 1 Cisco | 19 5760 Wireless Lan Controller, Catalyst 3650-12x48uq, Catalyst 3650-12x48ur and 16 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. | |||||
| CVE-2019-11457 | 1 Micropyramid | 1 Django Crm | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/. | |||||
| CVE-2019-11207 | 1 Tibco | 42 Loglogic Enterprise Virtual Appliance, Loglogic Log Management Intelligence, Loglogic Lx1025 and 39 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. | |||||
| CVE-2018-8925 | 1 Synology | 1 Photo Station | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. | |||||
| CVE-2018-8844 | 1 Philips | 1 E-alert Firmware | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | |||||
| CVE-2018-7524 | 1 Geutebrueck | 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. | |||||
| CVE-2018-6651 | 2 Parsecgaming, Uncurl Project | 2 Parsec, Uncurl | 2019-10-09 | 9.3 HIGH | 8.8 HIGH |
| In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full control over the victim's computer. | |||||
| CVE-2018-2001 | 1 Ibm | 1 Curam Social Program Management | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891. | |||||
| CVE-2018-2000 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890. | |||||
| CVE-2018-1927 | 1 Ibm | 1 Storediq | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118. | |||||
| CVE-2018-1926 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992. | |||||
| CVE-2018-1790 | 1 Ibm | 1 Financial Transaction Manager | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944. | |||||
| CVE-2018-1712 | 1 Ibm | 1 Api Connect | 2019-10-09 | 7.5 HIGH | 9.9 CRITICAL |
| IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370. | |||||
| CVE-2018-1661 | 1 Ibm | 1 Datapower Gateway | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887. | |||||
| CVE-2018-1622 | 1 Ibm | 1 Security Privileged Identity Manager | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348. | |||||
| CVE-2018-1514 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622. | |||||
| CVE-2018-1455 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029. | |||||
| CVE-2018-1442 | 1 Ibm | 1 Monitoring | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598. | |||||
| CVE-2018-1230 | 1 Pivotal Software | 1 Spring Batch Admin | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life. | |||||
| CVE-2018-16854 | 1 Moodle | 1 Moodle | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15. | |||||