Total
1195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42439 | 1 Geosolutionsgroup | 1 Geonode | 2024-02-28 | N/A | 6.5 MEDIUM |
| GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. The application is using a whitelist, but the whitelist can be bypassed. The bypass will trick the application that the first host is a whitelisted address, but the browser will use `@` or `%40` as a credential to the host geoserver on port 8080, this will return the data to that host on the response. Version 4.1.3.post1 is the first available version that contains a patch. | |||||
| CVE-2023-37290 | 1 Infodoc | 1 Document On-line Submission And Approval System | 2024-02-28 | N/A | 7.5 HIGH |
| InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows unauthenticated remote attackers to perform Server-Side Request Forgery (SSRF) attacks, gaining unauthorized access to arbitrary system files and uncovering the internal network topology. | |||||
| CVE-2023-39301 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-02-28 | N/A | 4.3 MEDIUM |
| A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later | |||||
| CVE-2023-45660 | 1 Nextcloud | 1 Mail | 2024-02-28 | N/A | 4.3 MEDIUM |
| Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-39108 | 1 Rconfig | 1 Rconfig | 2024-02-28 | N/A | 8.8 HIGH |
| rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. | |||||
| CVE-2023-26442 | 1 Open-xchange | 1 Open-xchange Appsuite Office | 2024-02-28 | N/A | 3.2 LOW |
| In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources. No publicly available exploits are known. | |||||
| CVE-2023-36088 | 1 Vesoft | 1 Nebulagraph Studio | 2024-02-28 | N/A | 7.5 HIGH |
| Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information. | |||||
| CVE-2021-35391 | 1 Deskpro | 1 Deskpro | 2024-02-28 | N/A | 7.2 HIGH |
| Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL. | |||||
| CVE-2023-42477 | 1 Sap | 1 Netweaver Application Server Java | 2024-02-28 | N/A | 6.5 MEDIUM |
| SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-44729 | 2 Apache, Debian | 2 Xml Graphics Batik, Debian Linux | 2024-02-28 | N/A | 7.1 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. | |||||
| CVE-2023-46124 | 1 Ethyca | 1 Fides | 2024-02-28 | N/A | 7.2 HIGH |
| Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). The application does not perform proper validation to block attempts to connect to internal (including localhost) resources. The vulnerability has been patched in Fides version `2.22.1`. | |||||
| CVE-2023-39110 | 1 Rconfig | 1 Rconfig | 2024-02-28 | N/A | 8.8 HIGH |
| rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. | |||||
| CVE-2022-42183 | 1 Precisely | 1 Spectrum Spatial Analyst | 2024-02-28 | N/A | 9.1 CRITICAL |
| Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF). | |||||
| CVE-2023-43798 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-02-28 | N/A | 5.4 MEDIUM |
| BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton. | |||||
| CVE-2022-3172 | 1 Kubernetes | 1 Apiserver | 2024-02-28 | N/A | 8.2 HIGH |
| A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties. | |||||
| CVE-2023-41449 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-02-28 | N/A | 9.8 CRITICAL |
| An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. | |||||
| CVE-2023-4651 | 1 Instantcms | 1 Instantcms | 2024-02-28 | N/A | 5.4 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1. | |||||
| CVE-2023-46303 | 1 Calibre-ebook | 1 Calibre | 2024-02-28 | N/A | 7.5 HIGH |
| link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. | |||||
| CVE-2023-45822 | 1 Artifacthub | 1 Hub | 2024-02-28 | N/A | 5.3 MEDIUM |
| Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations to define what actions can be performed by their members. It is based on customizable authorization policies that are enforced by the `Open Policy Agent`. Policies are written using `rego` and their data files are expected to be json documents. By default, `rego` allows policies to make HTTP requests, which can be abused to send requests to internal resources and forward the responses to an external entity. In the context of Artifact Hub, this capability should have been disabled. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-41339 | 1 Osgeo | 1 Geoserver | 2024-02-28 | N/A | 5.3 MEDIUM |
| GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2. | |||||