Export limit exceeded: 13957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10009 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10009 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6538 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2020-6506 | 2 Google, Redhat | 3 Android, Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page. | ||||
| CVE-2020-6504 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
| Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page. | ||||
| CVE-2020-6503 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
| CVE-2020-6453 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2020-6420 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-11-21 | 8.8 High |
| Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | ||||
| CVE-2020-6289 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 8.8 High |
| SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user in to browsing malicious site. | ||||
| CVE-2020-6206 | 1 Sap | 1 Cloud Platform Integration | 2024-11-21 | 4.3 Medium |
| SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning massages. This could mislead the victim to follow malicious instructions inserted by external attackers, leading to Cross Site Request Forgery. | ||||
| CVE-2020-6167 | 1 Webfactoryltd | 1 Minimal Coming Soon \& Maintenance Mode | 2024-11-21 | 8.8 High |
| A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo. | ||||
| CVE-2020-5928 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | 3.1 Low |
| In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times. | ||||
| CVE-2020-5922 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 8.8 High |
| In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser. | ||||
| CVE-2020-5904 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 8.8 High |
| In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page. | ||||
| CVE-2020-5900 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 8.8 High |
| In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. | ||||
| CVE-2020-5798 | 1 Druva | 1 Insync | 2024-11-21 | 7.8 High |
| inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions. | ||||
| CVE-2020-5790 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 Medium |
| Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2020-5786 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 8.8 High |
| Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2020-5783 | 1 Ignitenet | 1 Helios Glinq | 2024-11-21 | 5.4 Medium |
| In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms. | ||||
| CVE-2020-5776 | 1 Magmi Project | 1 Magmi | 2024-11-21 | 8.8 High |
| Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI. | ||||
| CVE-2020-5770 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 8.8 High |
| Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2020-5767 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 6.5 Medium |
| Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. | ||||