Total
999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27404 | 1 Asus | 2 Askey Rtf8115vw, Askey Rtf8115vw Firmware | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. | |||||
| CVE-2020-35560 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php. | |||||
| CVE-2020-4840 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044. | |||||
| CVE-2020-25845 | 1 Panorama Project | 1 Nhiservisignadapter | 2024-02-28 | 4.3 MEDIUM | 7.4 HIGH |
| Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential. | |||||
| CVE-2020-26979 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it. This vulnerability affects Firefox < 84. | |||||
| CVE-2021-21337 | 1 Zope | 1 Products.pluggableauthservice | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the browser to a different website. The problem has been fixed in version 2.6.1. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to `2.6.1` and re-run the buildout, or if you used `pip` simply do `pip install "Products.PluggableAuthService>=2.6.1". | |||||
| CVE-2020-12483 | 1 Vivo | 1 Appstore | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters. | |||||
| CVE-2020-11664 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
| CVE-2020-11529 | 1 Getgrav | 1 Grav | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x. | |||||
| CVE-2020-1997 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. | |||||
| CVE-2020-11882 | 1 Telefonica | 1 O2 Business | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user. | |||||
| CVE-2020-1220 | 1 Microsoft | 9 Edge, Windows 10, Windows 7 and 6 more | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. | |||||
| CVE-2020-1323 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'. | |||||
| CVE-2020-1059 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2019 | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. | |||||
| CVE-2020-15129 | 1 Traefik | 1 Traefik | 2024-02-28 | 4.0 MEDIUM | 4.7 MEDIUM |
| In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios. | |||||
| CVE-2020-4048 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-02-28 | 4.9 MEDIUM | 5.7 MEDIUM |
| In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | |||||
| CVE-2020-4598 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823. | |||||
| CVE-2020-14454 | 1 Mattermost | 1 Mattermost Desktop | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. | |||||
| CVE-2020-5607 | 1 Ss-proj | 1 Shirasagi | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2019-6696 | 1 Fortinet | 1 Fortios | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage. | |||||