Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8282 | 1 Ui | 4 Edgemax Edgepower 24v, Edgemax Edgepower 24v Firmware, Edgemax Edgepower 54v and 1 more | 2024-11-21 | 8.8 High |
| A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution. | ||||
| CVE-2020-8168 | 1 Ui | 51 Ag-hp-2g16, Ag-hp-2g20, Ag-hp-5g23 and 48 more | 2024-11-21 | 8.8 High |
| We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device's firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page. | ||||
| CVE-2020-8167 | 3 Debian, Redhat, Rubyonrails | 4 Debian Linux, Satellite, Satellite Capsule and 1 more | 2024-11-21 | 6.5 Medium |
| A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | ||||
| CVE-2020-8166 | 3 Debian, Redhat, Rubyonrails | 4 Debian Linux, Satellite, Satellite Capsule and 1 more | 2024-11-21 | 4.3 Medium |
| A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. | ||||
| CVE-2020-7991 | 1 Adive | 1 Framework | 2024-11-21 | 8.8 High |
| Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. | ||||
| CVE-2020-7988 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 8.8 High |
| An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens. | ||||
| CVE-2020-7983 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2024-11-21 | 8.1 High |
| A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. | ||||
| CVE-2020-7965 | 1 Webargs Project | 1 Webargs | 2024-11-21 | 8.8 High |
| flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made across domains, leading to CSRF. | ||||
| CVE-2020-7780 | 1 Softwaremill | 1 Akka-http-session | 2024-11-21 | 6.3 Medium |
| This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. | ||||
| CVE-2020-7534 | 1 Schneider-electric | 20 140cpu65, 140cpu65 Firmware, 140noc78000 and 17 more | 2024-11-21 | 8.8 High |
| A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions) | ||||
| CVE-2020-7503 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 8.8 High |
| A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted. | ||||
| CVE-2020-7336 | 1 Mcafee | 1 Network Security Management | 2024-11-21 | 6.6 Medium |
| Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request. | ||||
| CVE-2020-7332 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 7 High |
| Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. | ||||
| CVE-2020-7304 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 7.6 High |
| Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label. | ||||
| CVE-2020-7210 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 4.3 Medium |
| Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts. | ||||
| CVE-2020-7201 | 1 Hp | 4 Storeever 1\/8 G2 Tape Autoloader, Storeever 1\/8 G2 Tape Autoloader Firmware, Storeever Msl2024 and 1 more | 2024-11-21 | 8.8 High |
| A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to allow Cross-site Request Forgery (CSRF). | ||||
| CVE-2020-7029 | 1 Avaya | 2 Aura Communication Manager, Aura Messaging | 2024-11-21 | 6.4 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1. | ||||
| CVE-2020-7005 | 1 Honeywell | 1 Win-pak | 2024-11-21 | 8.8 High |
| In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-6849 | 1 Hutchhouse | 1 Marketo Forms And Tracking | 2024-11-21 | 8.8 High |
| The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS. | ||||
| CVE-2020-6844 | 1 Topmanage | 1 Olk Webstore | 2024-11-21 | 8.8 High |
| In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts. | ||||