Tag: #csrf

CVE-2020-26524: FileCloud Release Notes

CodeLathe FileCloud before 20.2.0.11915 allows username enumeration.

CVE-2020-15181: Merge remote-tracking branch 'remotes/origin/candidate' into release · FlexSolution/AlfrescoResetPassword@5927b96

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Attackers can gain administrator access to the system using this vulnerability. It impacts all servers where the add-on is installed. The problem is fixed in version 1.2.0.

CVE-2020-15776: Gradle Enterprise - Security Advisories

An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token, allowing them to perform cross-site request forgery.

CVE-2020-15771: Gradle Enterprise - Security Advisories

An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of the cookie containing the CSRF token allows a remote attacker to bypass the CSRF mitigation.

CVE-2020-15767: Gradle Enterprise - Security Advisories

An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the "secure" attribute, which allows an attacker able to MITM plain HTTP requests to obtain it if the user mistakenly uses an HTTP instead of an HTTPS address to access the server. This cookie value could then be used to perform CSRF.

CVE-2020-24373: L'actualité de la Freebox » Blog Archive

Freebox Server before 4.2.3 has a CSRF vulnerability in its UPnP MediaServer implementation.

CVE-2020-25015: Genexis Platinum 4410 Router - Broken Access Control, CSRF

The Genexis Platinum 4410 V2-1.28, a compact router commonly used in homes and offices, was found to be vulnerable to Broken Access Control and CSRF, which could be combined to remotely change the Wi-Fi access point's password.

CVE-2020-2263: Jenkins Security Advisory 2020-09-16

Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVE-2020-2262: Jenkins Security Advisory 2020-09-16

Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step.