Total
1195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45851 | 1 Frangoteam | 1 Fuxa | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server. | |||||
| CVE-2022-1188 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible. | |||||
| CVE-2021-46107 | 1 Ligeo-archives | 1 Ligeo Basics | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features. | |||||
| CVE-2022-34011 | 1 Zhyd | 1 Oneblog | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls. | |||||
| CVE-2021-22056 | 2 Linux, Vmware | 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. | |||||
| CVE-2021-3553 | 1 Bitdefender | 2 Endpoint Security Tools, Gravityzone | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. | |||||
| CVE-2022-0132 | 1 Framasoft | 1 Peertube | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| peertube is vulnerable to Server-Side Request Forgery (SSRF) | |||||
| CVE-2021-41587 | 1 Gradle | 1 Gradle | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources. | |||||
| CVE-2020-21122 | 1 Ureport Project | 1 Ureport | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. | |||||
| CVE-2021-39057 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616. | |||||
| CVE-2021-45394 | 1 Html2pdf Project | 1 Html2pdf | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document. | |||||
| CVE-2021-43562 | 1 Pixxio | 1 Pixx.io | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this. | |||||
| CVE-2021-22969 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N . Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider's best practices.This fix is also in Concrete version 9.0.0 | |||||
| CVE-2021-37223 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files. | |||||
| CVE-2021-29738 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201302. | |||||
| CVE-2021-22958 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N | |||||
| CVE-2021-42091 | 1 Zammad | 1 Zammad | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. | |||||
| CVE-2021-3552 | 1 Bitdefender | 2 Endpoint Security Tools, Gravityzone | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1. | |||||
| CVE-2021-22821 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
| A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | |||||
| CVE-2022-0339 | 1 Calibre-web Project | 1 Calibre-web | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. | |||||