188 matches found
CVE-2020-14319
The CVE-2020-14319 entry concerns a Cross-Site Request Forgery (CSRF) vulnerability in the AMQ Online console. Affected are AMQ Online versions prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up to, but not including, 0.32.2. The flaw stems from insufficient preflight checks, enabling CSRF when au...
CVE-2020-14319
A flaw was found in the AMQ Online console, where it is vulnerable to a Cross-Site Request Forgery attack CSRF, which is exploitable in cases where preflight checks are not instigated or bypassed. This flaw allows an attacker to target authorized users using an older browser with Adobe Flash. The...
amq-on: CSRF (in graphQL requests)
A flaw was found in the AMQ Online console, where it is vulnerable to a Cross-Site Request Forgery attack CSRF, which is exploitable in cases where preflight checks are not instigated or bypassed. This flaw allows an attacker to target authorized users using an older browser with Adobe Flash. The...
CVE-2020-5397
A flaw was found in springframework. CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints are possible. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials a...
GHSA-7PM4-G2QJ-J85X CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
CVE-2020-5397
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
Cross site request forgery (csrf)
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
CVE-2020-5397
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
UBUNTU-CVE-2020-5397
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
CVE-2020-5397
CVE-2020-5397 - Normal details Affected software: Spring Framework 5.2.x (prior to 5.2.3) where CSRF is possible via CORS preflight requests targeting Spring MVC (spring-webmvc) or Spring WebFlux (spring-webflux). Vulnerability and impact: Non-authenticated endpoints can be exploited through pref...
CVE-2020-5397 CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
CVE-2020-5397
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...
Adobe Acrobat Pro DC Preflight setDefaultLibrary Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
(RHSA-2018:3505) Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image
Red Hat Ansible Tower 3.3.1 is now available and contains the following bug fixes: - Fixed event callback error when in-line vaulted variables are used with includevars - Fixed HSTS and X-Frame-Options to properly be set in nginx configuration - Fixed isolated node setup to no longer fail when...
Incorrect handling of CORS preflight request headers in hapi
Versions of hapi prior to 11.0.0 implement CORS incorrectly, allowing for configurations that at best return inconsistent headers, and at worst allow cross-origin activities that are expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, t...
GHSA-VWRF-R5R4-7775 Incorrect handling of CORS preflight request headers in hapi
Versions of hapi prior to 11.0.0 implement CORS incorrectly, allowing for configurations that at best return inconsistent headers, and at worst allow cross-origin activities that are expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, t...
rbndr - Simple DNS Rebinding Service
rbndr is a very simple, non-conforming, name server for testing software against DNS rebinding vulnerabilities. The server responds to queries by randomly selecting one of the addresses specified in the hostname and returning it as the answer with a very low ttl...
Ubuntu: Security Advisory (USN-2819-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:2519)
The remote Redhat Enterprise Linux 5 / 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2015:2519 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. ...
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss, xulrunner, seamonkey (important)
Mozilla Firefox was updated to version 42.0, fixing bugs and security issues. Mozilla xulrunner was updated to xulrunner 38.4.0. Seamonkey was updated to 2.39. New features in Mozilla Firefox: Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your...