Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-28 | CVE-2018-20577 | Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. | 9.1 |
| 2018-12-28 | CVE-2018-20576 | Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. | 5.4 |
| 2018-12-28 | CVE-2018-18696 | Cross-Site Request Forgery (CSRF) vulnerability in Microstrategy 10.4/10.4.0026.0049/9.2.1 main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. | 8.8 |
| 2018-12-28 | CVE-2018-15334 | Cross-Site Request Forgery (CSRF) vulnerability in F5 Big-Ip Access Policy Manager A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. | 4.3 |
| 2018-12-26 | CVE-2018-19182 | Cross-Site Request Forgery (CSRF) vulnerability in Engelsystem 2.0.0 Engelsystem before commit hash 2e28336 allows CSRF. | 8.8 |
| 2018-12-24 | CVE-2018-20419 | Cross-Site Request Forgery (CSRF) vulnerability in Douco Douphp 1.5 DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account. | 8.8 |
| 2018-12-20 | CVE-2018-8892 | Cross-Site Request Forgery (CSRF) vulnerability in Blackberry Unified Endpoint Manager A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator. | 6.5 |
| 2018-12-20 | CVE-2018-1000858 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. | 8.8 |
| 2018-12-20 | CVE-2018-1000846 | Cross-Site Request Forgery (CSRF) vulnerability in Freshdns Project Freshdns FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's privileges. | 8.8 |
| 2018-12-20 | CVE-2018-1000843 | Cross-Site Request Forgery (CSRF) vulnerability in Spotify Luigi Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/<method> that can result in Task metadata such as task name, id, parameter, etc. | 8.8 |