33 matches found
openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2020:0602-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for webkit2gtk3 (important)
openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2020:0602-1 Rating: important References: 1165528 1169658 Cross-References: CVE-2020-10018 CVE-2020-11793 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now...
SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1109-1)
This update for webkit2gtk3 to version 2.28.1 fixes the following issues : Security issues fixed : CVE-2020-10018: Fixed a denial of service because the mdeferredFocusedNodeChange data structure was mishandled bsc1165528. CVE-2020-11793: Fixed a potential arbitrary code execution caused by a...
Fedora 31 : webkit2gtk3 (2020-f25793aac4)
Update to WebKitGTK 2.28.0. - Add API to enable Process Swap on Cross-site Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox...
Fedora 30 : webkit2gtk3 (2020-f3fa778924)
Update to WebKitGTK 2.28.0. - Add API to enable Process Swap on Cross-site Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox...
Cross-Site Request Forgery (CSRF)
Auth0 and Auth0-lock is vulnerable to cross-site request forgery. The vulnerability exists when the Legacy Lock API flag is enabled. This allows an attacker to perform unwanted actions in the context of the user when the victim is tricked into visiting a malicious web page...
Cross-Site Request Forgery (CSRF) in Auth0
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled...
GHSA-WV26-RJ8C-4R33 Cross-Site Request Forgery (CSRF) in Auth0
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled...
CVE-2018-6874
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled...
CVE-2018-6874
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled...
Cross site request forgery (csrf)
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled...
CVE-2018-6874
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled...
CVE-2018-6874
CVE-2018-6874 describes a CSRF flaw in Auth0's authentication service when the Legacy Lock API flag is enabled. The vulnerability allows an attacker to reuse a valid signed JWT to perform actions in the victim’s account if the user visits a malicious page. Documents indicate the issue affected Au...