Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2360 | 1 Acronis | 1 Cyber Infrastructure | 2024-11-21 | N/A | 7.5 HIGH |
| Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. | |||||
| CVE-2023-25603 | 1 Fortinet | 2 Fortiadc, Fortiddos-f | 2024-11-21 | N/A | 5.4 MEDIUM |
| A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests. | |||||
| CVE-2022-34366 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-21 | N/A | 6.5 MEDIUM |
| Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | |||||
| CVE-2021-34435 | 1 Eclipse | 1 Theia | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file.. | |||||
| CVE-2021-27786 | 1 Hcltech | 1 Onetest Server | 2024-11-21 | 6.8 MEDIUM | 4.6 MEDIUM |
| Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. | |||||
| CVE-2019-14860 | 1 Redhat | 2 Fuse, Syndesis | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information. | |||||
| CVE-2024-10315 | 2024-11-18 | N/A | N/A | ||
| In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD. | |||||
| CVE-2024-45642 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2024-11-16 | N/A | 5.3 MEDIUM |
| IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-6449 | 1 Hyperview | 1 Geoportal Toolkit | 2024-09-12 | N/A | 6.5 MEDIUM |
| HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the attacker and execute them in the user space. By manipulating this parameter it is also possible to enumerate some of the devices in Local Area Network in which the server resides. | |||||
| CVE-2024-41657 | 1 Casbin | 1 Casdoor | 2024-08-28 | N/A | 8.1 HIGH |
| Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in checking only for a prefix when authenticating the Origin header, any domain can create a valid subdomain with a valid subdomain prefix (Ex: localhost.example.com), allowing the website to make requests to Casdoor as the current signed-in user. | |||||
| CVE-2024-32862 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | N/A | 6.8 MEDIUM |
| Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains. | |||||