Total
999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35678 | 1 Crossbar | 1 Autobahn | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Autobahn|Python before 20.12.3 allows redirect header injection. | |||||
| CVE-2020-15677 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | |||||
| CVE-2020-26232 | 1 Jupyter | 1 Jupyter Server | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet. | |||||
| CVE-2021-21330 | 3 Aiohttp, Debian, Fedoraproject | 3 Aiohttp, Debian Linux, Fedora | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications. | |||||
| CVE-2021-21377 | 1 Openmicroscopy | 1 Omero.web | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
| OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting. | |||||
| CVE-2020-29565 | 2 Debian, Openstack | 2 Debian Linux, Horizon | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL. | |||||
| CVE-2021-1218 | 1 Cisco | 1 Smart Software Manager On-prem | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. | |||||
| CVE-2020-24551 | 1 Iproom | 1 Mmc\+ | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials. | |||||
| CVE-2021-3189 | 1 Google | 1 Slashify | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. | |||||
| CVE-2020-29498 | 1 Dell | 1 Wyse Management Suite | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | |||||
| CVE-2021-21273 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary. | |||||
| CVE-2020-26215 | 2 Debian, Jupyter | 2 Debian Linux, Notebook | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5. | |||||
| CVE-2020-27729 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI. | |||||
| CVE-2020-6365 | 1 Sap | 1 Netweaver Application Server Java | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits. | |||||
| CVE-2020-3558 | 1 Cisco | 1 Firepower Management Center | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | |||||
| CVE-2020-4849 | 1 Ibm | 1 Tivoli Netcool\/impact | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 190294. | |||||
| CVE-2020-1723 | 2 Keycloak Gatekeeper Project, Redhat | 2 Keycloak Gatekeeper, Mobile Application Platform | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0 | |||||
| CVE-2021-25757 | 1 Jetbrains | 1 Hub | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| In JetBrains Hub before 2020.1.12629, an open redirect was possible. | |||||
| CVE-2021-21491 | 1 Sap | 1 Netweaver Application Server Java | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | |||||
| CVE-2019-14831 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect. | |||||