Total
1195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28168 | 2 Axios, Siemens | 2 Axios, Sinec Ins | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. | |||||
| CVE-2020-28978 | 1 Canto | 1 Canto | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF. | |||||
| CVE-2020-16171 | 1 Acronis | 1 Cyber Backup | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572. | |||||
| CVE-2020-23534 | 1 Masterlab | 1 Masterlab | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter. | |||||
| CVE-2020-24881 | 1 Osticket | 1 Osticket | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. | |||||
| CVE-2020-8464 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. | |||||
| CVE-2020-14023 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. | |||||
| CVE-2020-8902 | 1 Google | 1 Rendertron | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome's access to your internal domain. | |||||
| CVE-2020-26948 | 1 Emby | 1 Emby | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. | |||||
| CVE-2020-24570 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link. | |||||
| CVE-2020-4882 | 1 Ibm | 1 Planning Analytics | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852. | |||||
| CVE-2020-11988 | 2 Apache, Fedoraproject | 2 Xmlgraphics Commons, Fedora | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
| Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later. | |||||
| CVE-2020-28977 | 1 Canto | 1 Canto | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF. | |||||
| CVE-2020-4786 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221. | |||||
| CVE-2021-23927 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-28 | 5.5 MEDIUM | 6.4 MEDIUM |
| OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. | |||||
| CVE-2021-21973 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). | |||||
| CVE-2021-27329 | 1 Frendi | 1 Frendica | 2024-02-28 | 10.0 HIGH | 10.0 CRITICAL |
| Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names. | |||||
| CVE-2020-15297 | 1 Bitdefender | 1 Update Server | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. | |||||
| CVE-2020-27626 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. | |||||
| CVE-2020-10770 | 1 Redhat | 1 Keycloak | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. | |||||