Total
1195 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-34808 | 1 Synology | 1 Media Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. | |||||
CVE-2021-39152 | 5 Debian, Fedoraproject, Netapp and 2 more | 15 Debian Linux, Fedora, Snapmanager and 12 more | 2024-02-28 | 6.0 MEDIUM | 8.5 HIGH |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. | |||||
CVE-2020-14160 | 1 Thecodingmachine | 1 Gotenberg | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources. | |||||
CVE-2021-3758 | 1 Bookstackapp | 1 Bookstack | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
bookstack is vulnerable to Server-Side Request Forgery (SSRF) | |||||
CVE-2021-1627 | 1 Salesforce | 1 Mule | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021. | |||||
CVE-2021-20535 | 1 Ibm | 1 Jazz Reporting Service | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198834. | |||||
CVE-2020-29445 | 1 Atlassian | 1 Confluence Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. | |||||
CVE-2021-21975 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. | |||||
CVE-2021-29475 | 1 Hedgedoc | 1 Hedgedoc | 2024-02-28 | 5.8 MEDIUM | 10.0 CRITICAL |
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability to modify a note. This will affect all instances, which have pdf export enabled. This issue has been fixed by https://github.com/hedgedoc/hedgedoc/commit/c1789474020a6d668d616464cb2da5e90e123f65 and is available in version 1.5.0. Starting the CodiMD/HedgeDoc instance with `CMD_ALLOW_PDF_EXPORT=false` or set `"allowPDFExport": false` in config.json can mitigate this issue for those who cannot upgrade. This exploit works because while PhantomJS doesn't actually render the `file:///` references to the PDF file itself, it still uses them internally, and exfiltration is possible, and easy through JavaScript rendering. The impact is pretty bad, as the attacker is able to read the CodiMD/HedgeDoc `config.json` file as well any other files on the filesystem. Even though the suggested Docker deploy option doesn't have many interesting files itself, the `config.json` still often contains sensitive information, database credentials, and maybe OAuth secrets among other things. | |||||
CVE-2021-28060 | 1 Group-office | 1 Group Office | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. | |||||
CVE-2020-19613 | 1 Flycms Project | 1 Flycms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. | |||||
CVE-2021-39497 | 1 Eyoucms | 1 Eyoucms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. | |||||
CVE-2021-33181 | 1 Synology | 1 Video Station | 2024-02-28 | 6.5 MEDIUM | 9.1 CRITICAL |
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. | |||||
CVE-2021-39195 | 1 Misskey | 1 Misskey | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been fixed in 12.90.0. However, if you are using a proxy, you will need to take additional measures. As a workaround this exploit may be avoided by appropriately restricting access to private networks from the host where the application is running. | |||||
CVE-2020-4974 | 1 Ibm | 9 Engineering Lifecycle Optimization - Engineering Insights, Engineering Requirements Quality Assistant On-premises, Engineering Test Management and 6 more | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434. | |||||
CVE-2020-23079 | 1 Halo | 1 Halo | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | |||||
CVE-2021-20347 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596. | |||||
CVE-2021-31828 | 1 Amazon | 1 Open Distro | 2024-02-28 | 5.5 MEDIUM | 7.1 HIGH |
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope. | |||||
CVE-2021-22696 | 2 Apache, Oracle | 6 Cxf, Business Intelligence, Communications Diameter Intelligence Hub and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10. | |||||
CVE-2020-20341 | 1 Yzmcms | 1 Yzmcms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. |