Vulnerabilities (CVE)

Filtered by CWE-601
Total 999 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-4166 1 Ibm 1 Storediq 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699.
CVE-2018-12300 1 Seagate 1 Nas Os 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.
CVE-2019-3788 1 Cloudfoundry 1 Uaa Release 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect URI. Given a UAA client was configured with a wildcard in the redirect URI's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.
CVE-2019-7275 1 Optergy 2 Enterprise, Proton 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
Optergy Proton/Enterprise devices allow Open Redirect.
CVE-2019-8951 1 Bosch 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056).
CVE-2019-10751 1 Httpie 1 Httpie 2024-02-28 5.8 MEDIUM 8.8 HIGH
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control.
CVE-2019-14403 1 Cpanel 1 Cpanel 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483).
CVE-2019-1010290 1 Cmsmadesimple 1 Bable\ 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing.
CVE-2019-10372 1 Jenkins 1 Gitlab Oauth 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login.
CVE-2019-16393 3 Canonical, Debian, Spip 3 Ubuntu Linux, Debian Linux, Spip 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
CVE-2019-11585 1 Atlassian 2 Jira, Jira Server 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
CVE-2018-12621 1 Eventum Project 1 Eventum 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter.
CVE-2019-3477 1 Microfocus 1 Solutions Business Manager 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
Micro Focus Solutions Business Manager versions prior to 11.4.2 are susceptible to open redirect.
CVE-2019-15771 1 Components For Wp Bakery Page Builder Project 1 Components For Wp Bakery Page Builder 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
CVE-2019-6004 1 Fujixerox 2 Apeosware Management Suite, Apeosware Management Suite 2 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2019-9140 1 Happypointcard 1 Happypoint 2024-02-28 5.8 MEDIUM 8.1 HIGH
When processing the Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions do not check the Deeplink URL correctly. This could lead to JavaScript code execution, URL redirection, and sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL.
CVE-2019-10255 1 Jupyter 2 Jupyterhub, Notebook 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.
CVE-2017-18109 1 Atlassian 1 Crowd 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
CVE-2018-14931 1 Polarisft 1 Intellect Core Banking 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI.
CVE-2019-1943 1 Cisco 114 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 111 more 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.