Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

RHSA-2021:4916: Red Hat Security Advisory: mailman:2.1 security update

An update for the mailman:2.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44227: mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover

Red Hat Security Data
Open in Source
#csrf#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes
CVE-2021-44227: Bug #1952384 “A CSRF vulnerability could allow a list moderator ...” : Bugs : GNU Mailman

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

CVE-2021-44227: Bug #1952384 “A CSRF vulnerability could allow a list moderator ...” : Bugs : GNU Mailman

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

CVE-2021-43137: Offensive Security’s Exploit Database Archive

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.

CVE-2021-43137: Offensive Security’s Exploit Database Archive

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.

CVE-2021-4015: Fix CSRF issues · firefly-iii/firefly-iii@518b4ba

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2021-4017: Cross-Site Request Forgery (CSRF) in showdoc

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2021-3993: Cross-Site Request Forgery (CSRF) in showdoc

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2021-20851: WordPress Plugin "Browser and Operating System Finder" vulnerable to cross-site request forgery

Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors.

CVE-2021-20862: Multiple vulnerabilities in multiple ELECOM routers

Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to obtain anti-CSRF tokens and change the product's settings via unspecified vectors.