Total: 999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20794 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-02-28 | 4.3 MEDIUM | 4.7 MEDIUM |
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-26326 | 1 Microfocus | 1 Netiq Access Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Potential open redirection vulnerability when a URL is crafted in a specific format in NetIQ Access Manager prior to 5.0.2. | |||||
CVE-2021-3654 | 2 Openstack, Redhat | 2 Nova, Openstack Platform | 2024-02-28 | 4.0 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. | |||||
CVE-2022-23237 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites. | |||||
CVE-2022-29718 | 1 Caddyserver | 1 Caddy | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking victim users into clicking on crafted links. | |||||
CVE-2022-24739 | 1 Alltube Project | 1 Alltube | 2024-02-28 | 4.0 MEDIUM | 6.1 MEDIUM |
alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability. | |||||
CVE-2020-25154 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites. | |||||
CVE-2022-29272 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. | |||||
CVE-2022-1019 | 1 Automatedlogic | 1 Webctrl Server | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file. | |||||
CVE-2022-0597 | 1 Microweber | 1 Microweber | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2022-33146 | 1 Web2py | 1 Web2py | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. | |||||
CVE-2022-27110 | 1 Orangehrm | 1 Orangehrm | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint. | |||||
CVE-2021-41180 | 1 Nextcloud | 1 Talk | 2024-02-28 | 4.0 MEDIUM | 6.1 MEDIUM |
Nextcloud Talk is a self-hosted messaging service. In versions prior to 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds. | |||||
CVE-2022-1058 | 1 Gitea | 1 Gitea | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. | |||||
CVE-2022-1702 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and use that link in a redirect, which leads to an open redirection vulnerability. | |||||
CVE-2022-27109 | 1 Orangehrm | 1 Orangehrm | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability. | |||||
CVE-2022-1774 | 1 Diagrams | 1 Drawio | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
CVE-2022-0869 | 1 Spirit-project | 1 Spirit | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. | |||||
CVE-2022-27256 | 1 Hubzilla | 1 Hubzilla | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. | |||||
CVE-2021-25111 | 1 English Wordpress Admin Project | 1 English Wordpress Admin | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users to it, leading to an open redirect issue. |