Lucene search
+L

188 matches found

CVE
CVE
added 2020/08/03 4:50 p.m.63 views

CVE-2020-14319

The CVE-2020-14319 entry concerns a Cross-Site Request Forgery (CSRF) vulnerability in the AMQ Online console. Affected are AMQ Online versions prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up to, but not including, 0.32.2. The flaw stems from insufficient preflight checks, enabling CSRF when au...

5.9CVSS5.7AI score0.00321EPSS
Exploits0References1Affected Software2
RedhatCVE
RedhatCVE
added 2020/07/29 3:44 p.m.22 views

CVE-2020-14319

A flaw was found in the AMQ Online console, where it is vulnerable to a Cross-Site Request Forgery attack CSRF, which is exploitable in cases where preflight checks are not instigated or bypassed. This flaw allows an attacker to target authorized users using an older browser with Adobe Flash. The...

4CVSS2.7AI score0.00321EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/07/29 3:21 p.m.7 views

amq-on: CSRF (in graphQL requests)

A flaw was found in the AMQ Online console, where it is vulnerable to a Cross-Site Request Forgery attack CSRF, which is exploitable in cases where preflight checks are not instigated or bypassed. This flaw allows an attacker to target authorized users using an older browser with Adobe Flash. The...

5.9CVSS5.7AI score0.00321EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/02/07 2:44 p.m.37 views

CVE-2020-5397

A flaw was found in springframework. CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints are possible. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials a...

5.3CVSS2.2AI score0.02382EPSS
Exploits1References3
OSV
OSV
added 2020/01/21 8:59 p.m.27 views

GHSA-7PM4-G2QJ-J85X CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS5.5AI score0.02382EPSS
Exploits1References10
OSV
OSV
added 2020/01/17 7:15 p.m.24 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS6.8AI score0.02382EPSS
Exploits1References7
Prion
Prion
added 2020/01/17 7:15 p.m.18 views

Cross site request forgery (csrf)

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

2.6CVSS7.1AI score0.02382EPSS
Exploits1References7Affected Software27
UbuntuCve
UbuntuCve
added 2020/01/17 7:15 p.m.34 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS6.4AI score0.02382EPSS
Exploits1References2
OSV
OSV
added 2020/01/17 7:15 p.m.4 views

UBUNTU-CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS6.4AI score0.02382EPSS
Exploits1References3
CVE
CVE
added 2020/01/17 6:50 p.m.233 views

CVE-2020-5397

CVE-2020-5397 - Normal details Affected software: Spring Framework 5.2.x (prior to 5.2.3) where CSRF is possible via CORS preflight requests targeting Spring MVC (spring-webmvc) or Spring WebFlux (spring-webflux). Vulnerability and impact: Non-authenticated endpoints can be exploited through pref...

5.3CVSS5.5AI score0.02382EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2020/01/17 6:50 p.m.41 views

CVE-2020-5397 CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS7.2AI score0.02382EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2020/01/17 6:50 p.m.82 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS5.7AI score0.02382EPSS
Exploits1
Zero Day Initiative
Zero Day Initiative
added 2019/01/04 12:0 a.m.37 views

Adobe Acrobat Pro DC Preflight setDefaultLibrary Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

8.2CVSS2.4AI score0.08414EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/11/06 3:39 p.m.657 views

(RHSA-2018:3505) Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image

Red Hat Ansible Tower 3.3.1 is now available and contains the following bug fixes: - Fixed event callback error when in-line vaulted variables are used with includevars - Fixed HSTS and X-Frame-Options to properly be set in nginx configuration - Fixed isolated node setup to no longer fail when...

9.8CVSS7.3AI score0.97356EPSS
Exploits19
Github Security Blog
Github Security Blog
added 2018/06/07 7:43 p.m.28 views

Incorrect handling of CORS preflight request headers in hapi

Versions of hapi prior to 11.0.0 implement CORS incorrectly, allowing for configurations that at best return inconsistent headers, and at worst allow cross-origin activities that are expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, t...

5.3CVSS5.5AI score0.0154EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2018/06/07 7:43 p.m.30 views

GHSA-VWRF-R5R4-7775 Incorrect handling of CORS preflight request headers in hapi

Versions of hapi prior to 11.0.0 implement CORS incorrectly, allowing for configurations that at best return inconsistent headers, and at worst allow cross-origin activities that are expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, t...

5.3CVSS5.3AI score0.0154EPSS
Exploits0References5
Kitploit
Kitploit
added 2018/01/24 12:50 p.m.58 views

rbndr - Simple DNS Rebinding Service

rbndr is a very simple, non-conforming, name server for testing software against DNS rebinding vulnerabilities. The server responds to queries by randomly selecting one of the addresses specified in the hostname and returning it as the answer with a very low ttl...

7.1AI score
Exploits0References1
OpenVAS
OpenVAS
added 2015/12/02 12:0 a.m.40 views

Ubuntu: Security Advisory (USN-2819-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.3AI score0.10238EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/11/30 12:0 a.m.28 views

RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:2519)

The remote Redhat Enterprise Linux 5 / 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2015:2519 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. ...

7.5CVSS8.7AI score0.04219EPSS
Exploits0References15
OPENSUSE Linux
OPENSUSE Linux
added 2015/11/09 11:10 p.m.49 views

Security update for MozillaFirefox, mozilla-nspr, mozilla-nss, xulrunner, seamonkey (important)

Mozilla Firefox was updated to version 42.0, fixing bugs and security issues. Mozilla xulrunner was updated to xulrunner 38.4.0. Seamonkey was updated to 2.39. New features in Mozilla Firefox: Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your...

7.5CVSS0.2AI score0.10238EPSS
Exploits0References1
Rows per page
Query Builder