Vulnerabilities (CVE)

Filtered by CWE-601
Total 999 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-24554 1 Liferay 1 Liferay Portal 2024-02-28 5.0 MEDIUM 7.5 HIGH
The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.
CVE-2020-10775 2 Oracle, Redhat 2 Virtualization, Ovirt-engine 2024-02-28 2.6 LOW 5.3 MEDIUM
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.
CVE-2020-11034 1 Glpi-project 1 Glpi 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection, which is based on a regexp. This is fixed in version 9.4.6.
CVE-2020-6223 1 Sap 1 Businessobjects Business Intelligence Platform 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing.
CVE-2020-11665 1 Broadcom 1 Ca Api Developer Portal 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
CVE-2020-11053 1 Oauth2 Proxy Project 1 Oauth2 Proxy 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. However, by crafting a redirect URL with HTML encoded whitespace characters the validation could be bypassed and allow a redirect to any URL provided. This has been patched in 5.1.1.
CVE-2020-5732 1 Openmrs 1 Openmrs 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
In OpenMRS 2.9 and prior, the import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators.
CVE-2020-8430 1 Stormshield 1 Stormshield Network Security 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.
CVE-2019-8791 1 Apple 1 Shazam 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect.
CVE-2014-9617 1 Netsweeper 1 Netsweeper 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVE-2019-6020 1 Alfasado 1 Powercms 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
CVE-2020-5233 1 Oauth2 Proxy Project 1 Oauth2 Proxy 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
CVE-2016-1000107 1 Erlang 1 Erlang/otp 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
CVE-2019-6025 1 Sixapart 1 Movable Type 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
CVE-2019-19775 1 Zulip 1 Zulip Server 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users.
CVE-2018-13257 1 Blackboard 1 Blackboard Learn 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page.
CVE-2014-3652 1 Redhat 1 Keycloak 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.
CVE-2014-2213 1 Posh Project 1 Posh 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php.
CVE-2020-6803 1 Mozilla 1 Webthings Gateway 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.
CVE-2019-19703 1 Jetbrains 1 Ktor 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.